What is HITECH?

The 2009 Health Information Technology for Economic and Clinical Health Act (HITECH) expanded the privacy and security obligations associated with HIPAA. HIPAA privacy regulations restrict the use, access, and disclosure of protected health information (PHI) and other individually identifiable healthcare information.

The 2009 HITECH legislation increased the responsibilities of the business associate. It requires that covered entities are responsible for the HIPAA rules, but also that administrative, physical, and technical safeguards, and policy, procedure, and documentation requirements of the HIPAA Administrative Simplification Security Rule, apply to a business associate of a covered entity in the same manner as the covered entity. These additional requirements must be incorporated into the BAA between the business associate and the covered entity.