HIPAA Essay

The Health Information Technology for Economic and Clinical Health Act, also known as the HITECH Act was signed into law on February 17, 2009. It was enacted as part of the American Recovery and Reinvestment Act, also known as ARRA. This Act was passed to encourage the adoption and meaningful use of health information technology (HHS, par 1) and to add changes to HIPAAs original provisions. The HITECH Act significantly modifies the Health Insurance Portability and Accountability Act, also known as HIPAA. HIPAA was originally enacted to protect patient information because of the growing use of information technology in healthcare. Some of HIPAA’s privacy rules went into effect in 2002, while security rules went into effect in 2003. The HITECH …show more content…
Under HITECH, organizations and/or individuals that meet the definition of a BA must comply with HIPAA, even without a business associate agreement (BAA). HITECH also requires organizations and/or individuals who meet the definion of a BA to comply with certain provisions of HIPAA, which include breach notification and restrictions on the sale of health information, and subjecting them to the same criminal and civil penalties that CEs face when a law is violated. As for before HITECH, HIPAA only required that BAs were bound by the law by virtue of their association with one or more CEs (Brodnik 220). Under HITECH, covered entities and BAs are not allowed to sell patient information without the authorization of the patient, even though there are some exceptions. For example, the authorization of a patient for release of their protected health information (PHI) is not required for public health and research data, a BA pursuant to a BAA, and an individual who is receiving a copy of his or her own