HITECH Act definition and summary
The HITECH Act is a law that aims to expand the use of electronic health records (EHRs) in the United States. (HITECH stands for Health Information Technology for Economic and Clinical Health.) A number of the law's provisions give health care providers and consumers direct and indirect incentives to move to EHRs, but the parts of most interest to infosec professionals are those that tighten rules on providers to ensure that EHRs remain private and secure. Those latter aspects will be the main focus of this article.
The law tackles its security and privacy goals by extending the rules laid down by the pre-existing HIPAA law to more and different kinds of businesses, and by adding tougher reporting and enforcement provisions. As a result, much of the regulatory ecosystem that falls under the broad (and expensive) umbrella of HIPAA compliance today is actually a result of the passage of the HITECH Act.