Health Information Technology for Economic and Clinical Health Act (HITECH)
From lawbrain.com
HITECH is a U.S. law that requires notification of data breaches involving unauthorized use or disclosure of unencrypted personal health information.
Overview
The Health Information Technology for Economic and Clinical Health Act (HITECH)[1] was enacted under the American Recovery and Reinvestment Act of 2009. In addition to extending existing privacy and security provisions under HIPAA, and increasing civil and criminal penalties for non-compliance, HITECH requires data breach notification for unauthorized uses and disclosures of “unsecured PHI” (unencrypted personal health information). These breach notification requirements are similar to most state data breach laws related to personally identifiable information. Additionally, patients whose health providers have an electronic health record (EHR) system in place have a right to access their electronic personal health information (ePHI), and they can have their records sent to a third party for a fee equal to the costs incurred to produce the records. Finally, HITECH provides that business associates of organizations subject to HIPAA, including accounting firms, billing agencies and law firms, are now subject to the same data privacy and security requirements as the HIPAA-regulated organizations they work with.
See Also
- Health Insurance Portability and Accountability Act (HIPAA)
- U.S. Privacy Law
- American Recovery and Reinvestment Act of 2009 (ARRA)