ARRA HITECH Act is concerned with defining the requirements for being compatible with the security and privacy regulations of the Privacy Rule. HITECH also facilitates the expansion of HIPAA Act EMR standards that aid in electronic exchange of health information on a national basis to make medical care more organized and transparent. It is also concerned with putting forth incentives for covered entities that adopt Electronic Health Records (EHR). With HITECH setting new benchmarks for clarifying the requirements to become HIPAA-compliant, those who choose to be non-compliant have become more vulnerable to civil penalties. Further, non-compliance with HIPAA Privacy Rule almost, entirely excludes covered entities from receiving any kind of financial incentive for adopting EHR.

The HITECH Act can be understood as a regulatory measure that has been introduced in anticipation of the sudden rise in the volume of healthcare practices adopting EHRs due to lucrative financial incentives offered by the ARRA. Due to the implementation of the HITECH Act, all healthcare facilities and covered entities who consider themselves eligible for receiving these financial incentives are ensuring that they are full compliant with the HIPAA benchmarks or they face the risk of not only losing out on the financial rewards but attracting civil or criminal liabilities.

Note: The Privacy Rule lays down the standards that should be followed to become HIPAA-compliant but it is the HITECH Act that elaborates on the criticality of following these norms and lays down enforcement, accountability, penalty and persecution-related guidelines for those involved in sharing or accessing PHI.

The HITECH Act is committed to the cause of seeing that healthcare facilities and practitioners adopting EHR methodologies do so within the realm of the HIPAA Privacy Rule regulations aimed at maintaining the sanctity of PHI. Major HIPAA compliance-related benchmarks that have been further defined under the HITECT Act include:

Defining Penalties that are imposed on healthcare professionals found guilty of Privacy Rule violations. Ensuring that access to medical data in the form of Electronic Health Records becomes a national standard for storing/accessing patient information. Laying down accountability clauses and defining penalties incurred on HIPAA-violating Business Associates (Check for an Interpretation of 'Business Associates' on http://www.edocscan.com/hitech-act-business-associate-agreement ). Introduction of strict standards like the need to issue Notifications for PHI breaches wherein informing the concerned patient whose PHI has been compromised is stressed upon.