The Health Information Technology for Economic and Clinical Health (HITECH) Act is an important aspect of HIPAA compliance.

According to the U.S. Department of Health and Human Services (HHS), the HITECH Act promotes “the adoption and meaningful use of health information technology,” while also discussing and providing provisions that “strengthen the civil and criminal enforcement of the HIPAA rules.”

Enacted as part of the American Recovery and Reinvestment Act of 2009 (ARRA) and containing revisions to the Social Security Act, the HITECH Act established four categories of violations and accompanying penalties. The penalties can reach a maximum of $1.5 million for violations of the same provision, and the lowest penalties for each violation have all increased significantly as a result of the revisions.

The act also amended the rule that allowed Covered Entities to be excused from a penalty if they could show that they “did not know and with the exercise of reasonable diligence would not have known of the violation (such violations are now punishable under the lowest tier of penalties),” the HHS site states. Also, the Covered Entity can be excused from a penalty if the violation is corrected within 30 days and was not due to willful neglect.









*CE could argue case with Secretary and have penalties reduced

**OCR “must” apply the penalty fairly across all entities, not “settle” complaints


To help protect your organization from these large fines, join HIPAAgps and start your risk assessment today.