The Health Insurance Portability and Accountability Act (HIPAA) isn’t exactly new (it was created by Congress in 1996), but it was revised in January of this year to extend its reach well beyond the healthcare industry. Specifically, the HIPAA regulations that set standards for the storage, transmission and privacy of personal medical data now apply to the “business associates” of “covered entities”. This extension of HIPAA’s privacy and security rules is frequently referred to as “HITECH,” an acronym for the Health Information Technology for Economic and Clinical Health Act. The primary goal of HITECH legislation was to encourage and fund the general use of Electronic Health Records (EHR) by the healthcare industry, but it also expanded and elevated the compliance obligations of “Business Associates” under HIPAA to a level equal with that of Covered Entities.
Some useful HIPAA/HITECH terms to be familiar with: