The javascript used on this site for creative design effects is not supported by your browser. Please note that this will not affect access to the content on this web site.
Skip Navigation
H H S Department of Health and Human Services
U.S. Department of Health and Human Services
Health Information Technology and Quality

A-Z Index  |  Questions?  |  Order Publications  |  HRSA Mobile

What changes in HIPAA compliance requirements were made by the HITECH Act?

The Health Information Technology for Economic and Clinical Health (HITECH Act) of 2009 expanded the scope of the privacy and security provisions of the HIPAA and its enabling regulations.  Some of the significant changes for health care providers include:

  • Applying privacy and security provisions and penalties to business associates 
  • Imposing new notification requirements in the event of a breach of PHI.
  • Creating stricter disclosure requirements, such as: Restricting the disclosure of PHI by a health care provider at   the request of a patient if it is for purposes other than treatment and the health care service or item has been paid out-of-pocket and in full (except as otherwise required by law); Limiting the disclosure of PHI to a limited data set or to the minimum necessary to accomplish the intended purpose; and Requiring health care providers to make available an accounting of certain disclosures of PHI that occurred over the past three years at the patient's request
  • Strengthening enforcement procedures and penalties

The HITECH Act also expands notification requirements to the vendors of personal health records (PHRs) and other non-HIPAA covered entities for the breach of identifiable information in personal health records.

American Recovery and Reinvestment Act of 2009 - Provisions of the HITECH Act of 2009 are included.

2009 HIMSS Analytics Report: Evaluating HITECH's Impact on Healthcare Privacy and Securitygo to exit disclaimer - This report summarizes findings from a survey conducted by HIMSS of senior executives from healthcare organizations and individuals working for business associates on their understanding of the HITECH privacy and security provisions.

Developed by the Health Resources and Services Administration as a resource for health centers and other safety net and ambulatory care providers who are seeking to implement health IT.
Health Information Technology Toolboxes help health centers, safety net providers, and ambulatory care providers with electronic and online resources and technical assistance to improve patient care.  More>
Stay Informed