
HITECH Act Compliance: A Guide for Health Providers

How do you know if, as a healthcare provider, your practice is HITECH compliant? What is the HITECH Act and how does this factor into HIPAA compliance? What happens if your practice is not compliant?

Continue reading to learn everything you need to know about the HITECH Act of 2009.

What Is the HITECH Act of 2009?

The Health Information Technology for Economic and Clinical Health Act, or HITECH Act, is a part of the American Recovery and Reinvestment Act of 2009 (ARRA), an economic stimulus package, that became law in February of 2009 under the Obama administration.

There were privacy and security concerns about the electronic transmission of health information. The HITECH Act was written to strengthen civil and criminal enforcement of the privacy and security rules that HIPAA had already put in place.

The Act was a means to expand the use of electronic health records (EHR) and to close gaps in the Health Insurance Portability and Accountability Act of 1996 (HIPAA).

The HITECH Act of 2009 set aside roughly $25.9 billion for health information technology, much of it as incentive payments to healthcare providers who adopt certified EHR technology, with stronger IT security expected in return.

Why Is the HITECH Act Important?

HITECH was a means to tighten the reins on HIPAA's privacy and security rules. It adds stronger enforcement, higher penalties, and new obligations (such as breach notification) on top of what HIPAA originally required.

It takes a lot for a patient to trust that a healthcare provider will keep their information secure. The provider, and any entity that holds the patient's health information on its behalf, must be able to show that they will do so.

The Health Insurance Portability and Accountability Act (HIPAA) was meant to give patients peace of mind and to hold healthcare providers and their partners accountable when a breach happens.

In the years after HIPAA was enacted in 1996, it was often not taken seriously. The HITECH Act therefore reinforces liability for non-compliance for both the healthcare provider and the business associates it entrusts with patient information.

Under HITECH, covered entities and business associates must be able to demonstrate that they are HIPAA compliant. If either fails to protect the patient's privacy rights, it is held responsible.

The Cost of Non-Compliance

Healthcare providers are not the only parties liable for non-compliance. Business associates, including third parties that manage electronic health records (EHRs), can be held directly accountable for breaches of privacy and security.

The HITECH Act also directs the Department of Health and Human Services to conduct periodic audits to confirm that covered entities and business associates are complying with the HIPAA rules. Civil penalties are organized into four tiers based on the entity's level of culpability.

Tier One

Tier 1 applies when the entity did not know, and by exercising reasonable diligence would not have known, that it was violating HIPAA. This is the case when reasonable steps were taken to protect privacy and a violation still occurred.

Fines range from $100 to $50,000 per violation, with an annual cap of $1.5 million for violations of the same provision.

Tier Two

A Tier 2 violation is one with reasonable cause: it was not the result of willful neglect, but the entity should have known about it and could have avoided it by exercising due diligence.

Fines range from $1,000 to $50,000 per violation, with an annual cap of $1.5 million for violations of the same provision.

Tier Three

Tier 3 applies when the violation is the result of willful neglect of the HIPAA rules, but the entity corrects it within 30 days of discovering it.

Fines range from $10,000 to $50,000 per violation, with an annual cap of $1.5 million for violations of the same provision.

Tier Four

Tier 4 applies when the violation is the result of willful neglect and the entity does not correct it within the required time period. This is the most serious tier.

The minimum fine is $50,000 per violation, with an annual cap of $1.5 million for violations of the same provision.

How to be HITECH Compliant

It can be difficult to know whether or not you are compliant with all of the regulations that come with this Act. HITECH's incentive programs also require that healthcare providers use certified EHR technology.

HITECH's requirements are enforced as part of HIPAA, so a practice that complies with HIPAA as amended by HITECH (including the Breach Notification Rule and the obligations placed on business associates) meets its HITECH obligations. The HIPAA Security Suite is the most cost-effective service that a healthcare provider may use to be HIPAA compliant.

This service provides you with the HIPAA documentation you need to demonstrate compliance, which is what auditors and investigators will ask for. It gives you the proof that you are following the patient privacy laws.

It also provides you with risk assessment, staff training, remediation, HIPAA emergency response teams, backup and disaster recovery, and IT support services.

Benefits of HITECH Compliance

HITECH compliance benefits everyone involved. It keeps healthcare providers and their health information technology partners on top of their HIPAA obligations.

Patients get access to their health records electronically. Patients must also be notified of any breach of their unsecured protected health information (PHI). The notice must describe what happened, what information was involved, and what is being done to address the breach.

HITECH Act of 2009

The HITECH Act was signed into law to reinforce HIPAA standards. The Obama Administration saw that HIPAA standards weren't being taken seriously, and HITECH was its solution to the problem.

Make sure that your practice is in compliance with HIPAA and you won't have to pay the fines associated with HIPAA violations.

See our website for more information on the HIPAA Security Suite and how it can make sure that you are following the HITECH protocol. Feel free to contact us with any questions that you might have.

HIPAA Security Reminders

HIPAA Security Suite has developed a weekly HIPAA Security Reminder series that's FREE for all of us who are responsible for, or engaged in, the use and protection of PHI.

Pursuant to Section 164.308(a)(5) of the HIPAA Security Rule, the Standard states: Implement a security awareness and training program for all members of its workforce (including management).

This standard is part of our Best Practices Recommendations for HIPAA Security Suite users, but it’s available for FREE to anyone who wants to comply with HIPAA using the easiest, best tools available.
