๐ HIPAA and HITECH both provide legal guidelines for managing protected health information in the United States. Here is what businesses need to know to comply.
If your business processes protected health information (PHI) in the United States, youโll need to familiarize yourself with both the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act.
Both pieces of legislation provide legal guidelines for managing PHI in the United States and come with strict penalties for violations. For example, two health care networks were fined $5.5M each in two of the worst violations in recent history.
However, each law manages and protects health data in different ways (and for different reasons). Below is a summary of what each law could mean for your business if it processes PHI in any format.
HIPAA vs. HITECH: What Are the Differences?
HIPAA and HITECH are two separate laws with two different goals:
- HIPAA was passed in 1996 and was the first U.S. law to regulate how protected health information was managed. It introduced a set of security controls and privacy rights aimed at reducing fraud and waste in health care. HIPAA defined who was required to comply with its regulations (which HIPAA called โcovered entitiesโ) and how they were required to do so in order to protect health data.
- The HITECH Act was passed in 2009 as part of the American Recovery and Reinvestment Act (ARRA) to encourage HIPAA-covered entities to adopt electronic health records (EHRs) for managing PHI. It offered financial incentives from 2011 to 2015 to transition to EHRs and to improve the delivery of healthcare. The HITECH Act also introduced new technical security standards (in addition to a few other things below) that complement and enhance HIPAA as well.
Top comments (0)