Follow Us:

Health Information Technology for Economic and Clinical Health Act


The HITECH Act was enacted as part of the American Recovery and Reinvestment Act of 2009. It dictates additional privacy and security requirements over the transmission of electronic health information (EPHI) and extends requirements to business associates of covered entities.

The HITECH Act includes a number of new or enhanced requirements:

  • Breach notification rules dictating timeliness and minimum requirements
  • Audits and enforcement by the Department of Health and Human Services
  • Protection of Electronic Health Records (EHR)
  • Signed Business Associate Agreements on file with covered entities

Meaningful Use

Meaningful Use standards for security and privacy are required in compliance with the incentive programs, including Electronic Health Records (EHR) modules for the following:

  • Access Control
  • Emergency Access
  • Automatic log-off
  • Audit log
  • Integrity
  • Authentication
  • General Encryption
  • Encryption when exchanging electronic health information
  • Account of disclosure (optional)



  • Healthcare
    • Business Associates to Covered Entities
    • Hospitals
    • Medical Offices
    • Health Insurance Providers
    • Any Covered Entity

How secure is your organization?

Speak with an information security expert to find out.

All Areas of Compliance