Health Information Technology for Economic and Clinical Health Act (HITECH)

The Health Information Technology for Economic and Clinical Health Act (HITECH) is a significant piece of U.S. legislation enacted as part of the American Recovery and Reinvestment Act (ARRA) of 2009. It aims to promote the adoption and meaningful use of health information technology, particularly electronic health records (EHRs). HITECH was developed to accelerate the spread of technology that could improve healthcare quality, safety, and efficiency in the United States.

HITECH Act of 2009

The HITECH Act of 2009 laid the groundwork for the widespread adoption of electronic health records and supported technology in the U.S. healthcare system. With an initial investment of over $25 billion, the act incentivizes healthcare providers to adopt EHRs through financial incentives from Medicare and Medicaid. These incentives are given to healthcare providers that demonstrate “meaningful use” of digital health records, which includes specific criteria like improving care coordination, reducing healthcare disparities, and maintaining the privacy and security of patient information.


The HITECH law significantly expands the scope of privacy and security protections available under the Health Insurance Portability and Accountability Act (HIPAA), increasing the legal liability for non-compliance and providing more stringent enforcement measures. A key component of HITECH is the requirement for health entities to report data breaches affecting more than 500 individuals directly to the U.S. Department of Health and Human Services (HHS), the affected individuals, and, in certain cases, to the media. This provision aims to enhance transparency and accountability in the management of patient data.

HITECH Compliance

HITECH compliance involves adhering to the enhanced HIPAA regulations as modified by the HITECH Act. Compliance is critical for healthcare providers, health plans, and other entities that handle health information. To comply with HITECH, these organizations must implement a series of administrative, physical, and technical safeguards to protect electronic health records. This includes conducting regular risk assessments, employing strong data encryption methods, and ensuring that their business associates are also in compliance with the regulations.

HITECH Certification

HITECH certification refers to the process by which healthcare providers demonstrate meaningful use of EHR technology. Certification is granted by the Office of the National Coordinator for Health Information Technology (ONC) through approved testing bodies. To achieve HITECH certification, EHR systems must meet specific criteria that focus on the ability to capture and share data securely and use that data to improve quality of care. The certification ensures that the technology adheres to the standards and implementation specifications set by the HHS, helping providers meet compliance requirements and qualify for incentive payments.

HITECH Act Requirements

The requirements of the HITECH Act are primarily centered around the expanded use and enforcement of HIPAA rules to ensure the protection and confidential handling of electronic health information. Key requirements include:

  • Meaningful Use: Healthcare providers must show meaningful use of EHRs, which is measured through specific objectives that demonstrate the technology’s impact on the quality and efficiency of patient care.
  • Breach Notification: Organizations must report any security breach involving personal health information to affected parties and the HHS, often within 60 days of discovering the breach.
  • Enhanced Patient Access: Providing patients with electronic copies of their health information upon request.
  • Accounting of Disclosures: Keeping records of when and to whom personal health information is disclosed.


In summary, the Health Information Technology for Economic and Clinical Health Act (HITECH) serves as a cornerstone law in the U.S. that supports the widespread adoption and meaningful use of health information technology to improve healthcare outcomes, ensure security, and enhance patient care efficiency.