HITECH Act and HIPAA


The American Recovery and Reinvestment Act of 2009 includes the Health Information Technology for Economic and Clinical Health (HITECH) Act.

The HITECH Act provides Medicare and Medicaid monetary incentives for hospitals and physicians to adopt electronic health records (EHRs) and also provides grants for the development of a health information exchange (HIE). These incentives and grants were created to stimulate health care providers to adopt technology necessary to improve the efficiency of patient healthcare.

The HITECH Act provides billions for healthcare infrastructure and the adoption of electronic health records (EHRs). According to the Act, physicians are eligible to receive up to $44,000 per physician from Medicare for "meaningful use" of a certified EHR system.

ARRA describes "improvements" to existing HIPAA law: covered entities, business associates and others will be subject to more rigorous standards when it comes to protected health information (PHI). The HITECH Act expands the scope of the HIPAA Privacy and Security Rules and increases the penalties for HIPAA violations.


How HITECH affects HIPAA

Specifically, the HITECH Act addresses five main areas of the HIPAA regulations:

Extends the same HIPAA privacy and security requirements (and penalties) for covered entities to business associates.

Establishes mandatory federal privacy and security Breach Notification requirements for HIPAA covered entities and business associates.

Creates new privacy requirements for HIPAA covered entities and business associates, including new accounting disclosure requirements and restrictions on sales and marketing.

Establishes new criminal and civil penalties for HIPAA non-compliance and new enforcement methods.

Mandates that the new security requirements must be incorporated into all Business Associate contracts.