Skip to main content
Compliance & Legal

HITECH Act

A 2009 law that strengthened HIPAA enforcement, penalties, and breach notification requirements.

The HITECH Act (Health Information Technology for Economic and Clinical Health Act), enacted in 2009, strengthened HIPAA by increasing penalties for violations, promoting the adoption of electronic health records, and extending liability directly to business associates.

HITECH also introduced the mandatory breach notification requirements, obligating covered entities and their vendors to notify affected individuals, HHS, and in some cases the media when unsecured PHI is compromised.