The HITECH Act, which was passed in 2009 under the American Recovery and Reinvestment Act (ARRA), strengthened several of the privacy and security protections under HIPAA. Under HITECH, business associates of HIPAA-covered entities, such as contractors, must comply with HIPAA privacy and security requirements. The Act strengthened rules related to disclosure of PHI for marketing and fundraising and prohibits the sale of PHI without an individual’s authorization. The Act also requires HIPAA-covered entities to notify individuals and HHS of any breach of unsecured PHI and to report breaches affecting more than 500 residents of a state or jurisdiction to media outlets in the affected area.
To learn more, click on the link below:
https://aspe.hhs.gov/report/minimizing-disclosure-risk-hhs-open-data-initiatives/key-legislation
Should you have any questions or concerns, contact us via the following:
- Chatbox/window on your Complete Compliance Suite screen.
- Telephone: 877-560-4261
- Email: support@epicompliance.com