Skip Navigation LinksHIPAA-and-HITECH

aaa print

HIPAA and HITECH

   
What is HITECH?
The Health Information Technology for Economic and Clinical Health (HITECH) Act was passed as a part of the American Recovery and Reinvestment Act (ARRA) of 2009. It strengthened the Privacy provisions of HIPAA and made them applicable to Business Associates of HIPAA Covered Entities. It also required additional enforcement activities for the HIPAA rules and established reporting requirements and penalties when breaches of patient protected health information occur.

Download the HIPAA Privacy Manual (Template) View Disclaimer

Download the HIPAA Security Manual (Template) View Disclaimer

HIPAA and the Genetic Information Nondiscrimination Act of 2008 (GINA)
Several GINA related terms are defined in the Final Rule; most notably, the definition of “health information” has been modified to include genetic information.

The Final Rule also explicitly designates that genetic information is health information, for purposes of the HIPAA Privacy Rule, and prohibits all health plans covered by the HIPAA Privacy Rule from using or disclosing protected genetic information for underwriting purposes.

Providers
The National Provider Identifier (NPI) was established to replace the variety of provider identifiers required by payers and clearinghouses when conducting HIPAA standardized transactions.

Click here to apply for a National Provider Identifier
Click here for Frequently Asked Questions regarding the NPI.

Employers
HIPAA requires that all employers who are Covered Entities have standard national identifiers for use in standardized transactions. The Employer Identification Number (EIN) established by the Internal Revenue Service, was selected effective July 30, 2002.

Health Plans
The US Centers for Medicare and Medicaid Services (CMS) established the National Plan and Provider Enumeration System (NPPES) to assign unique identifiers to both health plans and providers as mandated by HIPAA. However, at this time, the NPPES is only assigning NPI.

Individuals
While HIPAA originally mandated the use of a unique patient identifier, no such identifier has yet been established. The National Committee on Vital Health Statistics has published a white paper addressing the requirements of a Unique Health Identifier for Individuals.

Frequently Asked Questions

Additional Resources

For more information on HIPAA, e-mail HIPAA@aap.org.

Disclaimer: This information is general in scope and educational in nature. It is not intended as legal advice. If you require legal advice, contact an attorney.

The recommendations in this publication do not indicate an exclusive course of treatment or serve as a standard of medical care. Variations, taking into account individual circumstances, may be appropriate. This content is for informational purposes only. It is not intended to constitute financial or legal advice. A financial advisor or attorney should be consulted if financial or legal advice is desired.