Most people are familiar with the HIPAA compliance standards and regulations that govern how health care providers protect the privacy and security of patient data. What about HITECH compliance?

Explaining the HITECH Act

The HITECH Act requires all health care providers to verify and confirm that they comply with the HIPAA Security Rule, which took effect in 2005, and the Privacy Rule, which was put into place in 2003. Remember that HIPAA regulations require all health care providers to regularly review and update the standards, safeguards, and policies that govern the security and privacy of patient information.

One of the most important provisions of the HITECH Act is that any health care provider that “willfully neglects” the requirements placed upon it by the HIPAA regulations will face mandatory penalties. Although the meaning of the word “willful” is ambiguous, the act calls on providers to regularly update their policies.

Measures Put Into Place

  • Business associates must comply with HIPAA.
  • All health care providers must regularly perform security checks.
  • Finally, financial penalties were introduced for those who fail to observe the first two measures.

Currently, KPMG is the company performing the audits, under a contract awarded by the Office of Civil Rights (OCR). OCR is mandated to enforce the privacy and security rules and investigates situations in which health care providers have breached either regulation.

It is, therefore, the responsibility of every health care provider to ensure that it adheres to the regulations. Various data breaches by health care providers have been reported. So far, little action has been taken to sue those providers, but more enforcement is expected over time as the regulations become clearer.