The Health Information Technology for Economic and Clinical Health Act (HITECH Act) compromises several protections, protocols, and procedures that shift focus from paper forms to electronic Protected Health Information (PHI).
HITECH imposes tougher compliance requirements for the healthcare organization, business associates, and individuals within the healthcare organization.
The act was developed to motivate the implementation of electronic health records (EHR) and other supporting technologies in the US. The Act became law in February 2009 as part of the American Recovery and Reinvestment Act of 2009 and was created to improve the safety, efficiency, and quality of the healthcare ecosystem in the US.
HITECH is an upgrade to the Health Insurance Portability and Accountability Act (HIPAA), which was enacted in 1996, a time when health IT was not as prevalent as it is today. With the growing and widespread use of digital and wireless technologies such as cloud computing, the Internet of Things, pervasive use of mobile phones and other connected devices. At the same time, increasingly sophisticated hacking and the prevalence of data breaches made it important to upgrade HIPAA-imposed requirements to account for the new challenges created by the technological advances available to doctors, patients, and administrators.
Both HITECH and HIPAA address the security of PHI, but HITECH has more in-depth compliance requirements.
For example, after the Act was implemented, patients can request access reports which show all parties that accessed their electronic PHI. There are also several differences in the penalty structure and breach notifications, which require administrators to notify patients if their health information has been breached deliberately or by accident. The HITECH Act has much harsher penalties for non-compliance with fines ranging up to $50,000 per violation or $1.5 million per year.
The HITECH Act is formally called PUBLIC LAW 111–5—FEB. 17, 2009, TITLE XIII Sec, 13001. The full text of the HITECH Act is available for download from the U.S. Government Printing Office, and begins on page 112 as part of the larger American Recovery & Reinvestment Act of 2009.