hitech-act-privacy

Installation
SKILL.md

HITECH Act Privacy and Security Requirements

Overview

The Health Information Technology for Economic and Clinical Health (HITECH) Act was enacted as Title XIII of the American Recovery and Reinvestment Act of 2009 (Pub. L. 111-5). HITECH fundamentally transformed HIPAA enforcement by establishing breach notification requirements, creating a four-tier penalty structure with significantly increased penalties, granting enforcement authority to state attorneys general, extending HIPAA Security Rule requirements directly to business associates, and tying privacy and security compliance to the Electronic Health Record (EHR) meaningful use incentive program. The 2013 Omnibus Rule (78 FR 5566) implemented most HITECH provisions into the HIPAA regulatory framework.

Breach Notification — HITECH §13402

Establishment of Federal Healthcare Breach Notification

Prior to HITECH, HIPAA had no breach notification requirement. HITECH §13402 created the obligation for covered entities and business associates to notify individuals, HHS, and in some cases the media, following a breach of unsecured PHI.

Key provisions enacted by HITECH:

Installs
10
GitHub Stars
187
First Seen
May 26, 2026
hitech-act-privacy — mukul975/privacy-data-protection-skills