The Health Information Technology for Economic and Clinical Health Act (HITECH Act) compromises several protections, protocols, and procedures that shift focus from paper forms to electronic Protected Health Information (PHI).  

What does the HITECH Act do?

HITECH imposes tougher compliance requirements for the healthcare organization, business associates, and individuals within the healthcare organization. 

The act was developed to motivate the implementation of electronic health records (EHR) and other supporting technologies in the US. The Act became law in February 2009 as part of the American Recovery and Reinvestment Act of 2009 and was created to improve the safety, efficiency, and quality of the healthcare ecosystem in the US.

Is the HITECH Act different from HIPAA?

HITECH is an upgrade to the Health Insurance Portability and Accountability Act (HIPAA), which was enacted in 1996, a time when health IT was not as prevalent as it is today. With the growing and widespread use of digital and wireless technologies such as cloud computing, the Internet of Things, pervasive use of mobile phones and other connected devices. At the same time, increasingly sophisticated hacking and the prevalence of data breaches made it important to upgrade HIPAA-imposed requirements to account for the new challenges created by the technological advances available to doctors, patients, and administrators.

Both HITECH and HIPAA address the security of PHI, but HITECH has more in-depth compliance requirements. 

For example, after the Act was implemented, patients can request access reports which show all parties that accessed their electronic PHI. There are also several differences in the penalty structure and breach notifications, which require administrators to notify patients if their health information has been breached deliberately or by accident. The HITECH Act has much harsher penalties for non-compliance with fines ranging up to $50,000 per violation or $1.5 million per year.  

What are the Major Components of the HITECH Act?

  • Business Associates: The HIPAA penalties are extended to apply to business associates such as software companies, banks, billing firms, and health information exchanges.
  • More Audits: The Act offers funding for more audits by federal regulators for both, the business associated and the healthcare organization.
  • Enforcement: The US Department of Health has been given more authority to enforce the rules and regulations of HIPAA.
  • Toucher Fines: Under the HITECH Act, penalties can be levied against individuals within a healthcare origination along with all the other fines already part of HIPAA.
  • Accountability: Patients can request the healthcare organization to report all disclosures of their PHI. Individuals also have the right to request copies of their electronic health records.
  • Marketing Restrictions: The Act places several restrictions on marketing activities including communication to patients about new products and services.

Image of HITECH Act cover page.Where can I read the full HITECH Act?

The HITECH Act is formally called PUBLIC LAW 111–5—FEB. 17, 2009, TITLE XIII Sec, 13001. The full text of the HITECH Act is available for download from the U.S. Government Printing Office, and begins on page 112 as part of the larger American Recovery & Reinvestment Act of 2009.

Ali Azhar
Ali Azhar
Ali is a professional writer with diverse experience in content writing, technical writing, social media posts, SEO/SEM website optimization, and other types of projects. Ali has a background in engineering, allowing him to use his analytical skills and attention to detail for his writing projects.
Get the Free Newsletter
Subscribe to Daily Tech Insider for top news, trends & analysis
This email address is invalid.
Get the Free Newsletter
Subscribe to Daily Tech Insider for top news, trends & analysis
This email address is invalid.

Related Articles

Complete List of Cybersecurity Acronyms

Cybersecurity news and best practices are full of acronyms and abbreviations. Without understanding what each one means, it's difficult to comprehend the significance of...

Human Resources Management System

A Human Resources Management System (HRMS) is a software application that supports many functions of a company's Human Resources department, including benefits administration, payroll,...

How To Defend Yourself Against Identity Theft

Almost every worldwide government agency responsible for identity theft issues will tell you the same thing: The first step to fighting identity theft is...


An infographic is a visual representation of information or data. It combines the words information and graphic and includes a collection of imagery, charts,...


ScalaHosting is a leading managed hosting provider that offers secure, scalable, and affordable...


Human resources information system (HRIS) solutions help businesses manage multiple facets of their...

Best Managed Service Providers...

In today's business world, managed services are more critical than ever. They can...