What is HIPAA HITECH?

Health Insurance Portability and Accountability Act (HIPAA) came out in the “dawn of the Internet” back in 1996 before many smaller businesses even had computers or access to the Internet, while Health Information Technology for Economic and Clinical Health Act (HITECH) amended HIPAA in 2009.

HIPAA sets baseline privacy and security requirements, while HITECH strengthens HIPAA by:

• Enhancing breach notification requirements for incidents affecting 500+ individuals;
• Extending rules to include healthcare business associates; and
• Increasing penalties and enforcement of privacy provisions.

Together, HIPAA/HITECH require entities to conduct security risk assessments, maintain administrative and technical safeguards, document policies and procedures, train staff, secure data transfers and notify affected individuals and regulators in case of breaches.