
HITECH Act

Ali Azhar
Published March 22, 2022 3:50 am

The Health Information Technology for Economic and Clinical Health Act (HITECH Act) comprises several protections, protocols, and procedures that shift focus from paper forms to electronic Protected Health Information (PHI).

What does the HITECH Act do?

HITECH imposes tougher compliance requirements on healthcare organizations, their business associates, and individuals within those organizations.

The Act was developed to motivate the implementation of electronic health records (EHR) and other supporting technologies in the US. It became law in February 2009 as part of the American Recovery and Reinvestment Act of 2009 and was created to improve the safety, efficiency, and quality of the healthcare ecosystem in the US.

Is the HITECH Act different from HIPAA?

HITECH is an upgrade to the Health Insurance Portability and Accountability Act (HIPAA), which was enacted in 1996, a time when health IT was not as prevalent as it is today. Since then, digital and wireless technologies such as cloud computing, the Internet of Things, mobile phones, and other connected devices have come into widespread use. At the same time, increasingly sophisticated hacking and the prevalence of data breaches made it important to upgrade HIPAA-imposed requirements to account for the new challenges created by the technological advances available to doctors, patients, and administrators.

Both HITECH and HIPAA address the security of PHI, but HITECH has more in-depth compliance requirements.

For example, since the Act was implemented, patients can request access reports that show all parties that accessed their electronic PHI. There are also several differences in the penalty structure and in breach notifications, which require administrators to notify patients if their health information has been breached deliberately or by accident. The HITECH Act has much harsher penalties for non-compliance, with fines ranging up to $50,000 per violation or $1.5 million per year.

What are the Major Components of the HITECH Act?

  • Business Associates: The HIPAA penalties are extended to apply to business associates such as software companies, banks, billing firms, and health information exchanges.
  • More Audits: The Act offers funding for more audits by federal regulators of both business associates and healthcare organizations.
  • Enforcement: The US Department of Health has been given more authority to enforce the rules and regulations of HIPAA.
  • Tougher Fines: Under the HITECH Act, penalties can be levied against individuals within a healthcare organization along with all the other fines already part of HIPAA.
  • Accountability: Patients can request the healthcare organization to report all disclosures of their PHI. Individuals also have the right to request copies of their electronic health records.
  • Marketing Restrictions: The Act places several restrictions on marketing activities including communication to patients about new products and services.

Where can I read the full HITECH Act?

The HITECH Act is formally called PUBLIC LAW 111–5—FEB. 17, 2009, TITLE XIII, Sec. 13001. The full text of the HITECH Act is available for download from the U.S. Government Printing Office, and begins on page 112 as part of the larger American Recovery & Reinvestment Act of 2009.