HISTECH Act of 2009: Definition & Purpose

Instructor: Beth Hendricks

Beth holds a master's degree in integrated marketing communications, and has worked in journalism and marketing throughout her career.

The HITECH Act backs up many of HIPAA's provisions and adds additional requirements for data breaches and business associates, among other topics. In this lesson, you'll get an overview of the HITECH Act.

You've Got (Breach) Mail

A hospital in Iowa recently sent mail to nearly 2,000 of its patients ... and not just to say ''hello.'' The hospital discovered that one of its former employees may have inappropriately accessed patients' confidential protected health information (PHI) including addresses, health status, prescriptions and insurance data.

The HITECH Act requires medical providers to alert patients to data breaches.
hitech, hipaa, data, breach, notification, requirements

As required by law, the hospital issued notification letters to individuals who may have been impacted, after an internal investigation concluded a data breach may have occurred. That law, known succinctly as the HITECH Act, is the subject of this lesson.

What Is The HITECH Act?

It sounds ''high tech,'' right? That's because it is! The HITECH Act, known fully as the Health Information Technology for Economic and Clinical Health Act, was born out of the American Recovery and Reinvestment Act that was signed into law in 2009. You may be surprised to hear that because you likely associate HITECH more closely with Health Insurance Portability and Accountability Act (HIPAA) and for good reason. HITECH enhances HIPAA enforcements and extends its provision to business associates (more on that later).

The HITECH Act was actually created to promote the implementation of electronic health records (EHRs) by medical providers. In fact, for a short time, it actually promised financial incentives to healthcare providers who could show that they were incorporating these electronic records in a meaningful way.

But, stimulating the adoption of EHRs wasn't the only reason. HITECH was passed for additional reasons.

HITECH Provisions

Additional provisions under HITECH cover everything from stronger enforcement of HIPAA to data breach notification requirements.

Enforcement And Penalties

What happens when medical providers willfully neglect parts of of HIPAA? The HITECH Act covers that, specifying penalties from $10,000 per violation to as much as $1.5 million for repeat offenders. Officials at the Department of Health and Human Services may uncover inappropriate behavior through legally-required audits of both covered entities such as hospitals and business associates. Willful neglect can also trigger civil penalties. For unintentional violations, penalties can start at $100 per violation.

Business Associates

Business associates are companies and vendors that perform tasks for medical providers that require them to have access to confidential patient data. You might recognize them as billing companies, banks or software companies, just to name a few. Under HITECH, business associates must now conform to HIPAA requirements for safeguarding that data. If a business associate compromises PHI, they must follow the same rules for notification as a medical provider.

Record Access

Thanks to HITECH, individuals must now be given access to a copy of their EHR if they ask for it. That means providing an electronic copy of a record that is stored electronically. Medical providers may charge a fee for the labor involved in generating the copy.

Minimum Necessary

Under the HITECH Act, medical providers are required to release only the ''minimum necessary'' patient information to handle a particular function. For example, doctors and nurses may need access to a patient's entire medical record to deliver treatment, but in the case of a billing firm, only the details related to billing should be shared to accomplish that task.

To unlock this lesson you must be a Study.com Member.
Create your account

Register to view this lesson

Are you a student or a teacher?

Unlock Your Education

See for yourself why 30 million people use Study.com

Become a Study.com member and start learning now.
Become a Member  Back
What teachers are saying about Study.com
Try it risk-free for 30 days

Earning College Credit

Did you know… We have over 200 college courses that prepare you to earn credit by exam that is accepted by over 1,500 colleges and universities. You can test out of the first two years of college and save thousands off your degree. Anyone can earn credit-by-exam regardless of age or education level.

To learn more, visit our Earning Credit Page

Transferring credit to the school of your choice

Not sure what college you want to attend yet? Study.com has thousands of articles about every imaginable degree, area of study and career path that can help you find the school that's right for you.

Create an account to start this course today
Try it risk-free for 30 days!
Create an account
Support