2017 HIPAA Software

HIPAA Rules

Other Resources

Last updated


HIPAA and the HITECH Act



The American Recovery and Reinvestment Act of 2017 includes the Health Information Technology for Economic and Clinical Health (HITECH) Act.

The HITECH Act provides Medicare and Medicaid monetary incentives for hospitals and physicians to adopt electronic health records (EHRs) and also provides grants for the development of a health information exchange (HIE). These incentives and grants were created to stimulate health care providers to adopt technology necessary to improve the efficiency of patient healthcare.

HITECH Act provides over $30 billion for healthcare infrastructure and the adoption of electronic health records (EHR). According to the Act, physicians are eligible to receive up to $44,000 per physician from Medicare for "meaningful use" of a certified EHR system starting in 2017.

ARRA describes "improvements" to existing HIPAA law, covered entities, business associates and others will be subject to more rigorous standards when it comes to protected health information (PHI) The HITECH Act expands the scope of the HIPAA Privacy and Security Rules and increases the penalties for HIPAA violations.



How HITECH effects HIPAA

Specificially, the HITECH Act addresses five main areas of the HIPAA regulations:

Applies the same HIPAA privacy and security requirements (and penalties) for covered entities to business associates

Establishes mandatory federal privacy and security breach reporting requirements for HIPAA covered entities and business associates

Creates new privacy requirements for HIPAA covered entities and business associates, including new accounting disclosure requirements and restrictions on sales and marketing

Establishes new criminal and civil penalties for HIPAA non-compliance and new enforcement methods

Mandates that the new security requirements must be incorporated into all Business Associate contracts