The Health Information Technology for Economic and Clinical Health Act ("HITECH") provisions of the American Recovery & Reinvestment Act of 2009 ("ARRA") contain a number of changes affecting the compliance obligations of covered entities and business associates under HIPAA. Many of the key provisions of HITECH are effective as of February 17, 2010 and it is important to take appropriate steps to address these new compliance requirements. Some of these changes relate to: 

  • how a business associate must comply with HIPAA;
  • the HIPAA Privacy Regulations;
  • the HIPAA Security Regulations;
  • a new requirement that covered entities provide notification to individuals in the event their health information is breached;
  • strengthened rights for individuals to restrict disclosures of protected health information;
  • guidance on the minimum necessary standard and limited data sets;
  • the requirements for accounting of disclosures;
  • the marketing rules under HIPAA; and
  • increased obligations for the Secretary to periodically perform audits to insure compliance with HIPAA.

The attorneys at Tucker Arensberg have developed a HITECH Act Compliance Package to assist health care providers in complying with certain requirements of the HITECH Act relative to HIPAA. The HITECH Act Compliance Package includes the following:

  • an Addendum to current HIPAA Policy and Procedure Manuals which addresses the additional obligations placed upon covered entities under HITECH;
  • a Breach Notification Policy addressing the breach notification obligations provided for under Section 13402 of HITECH and the regulations published thereunder;
  • a HIPAA Business Associate Agreement Addendum (for use with current Business Associates);
  • a HIPAA Business Associate Agreement (for use with new Business Associates on a going forward basis); and
  • a form corporate consent document to be executed and maintained in the records of the practice following adoption of the Addendum.

The cost for the HITECH Act Compliance Package is $450. If you would like to purchase a HITECH Act Compliance Package, please contact Paul Welk via email at or by phone at 412-594-5536.