HITECH Act

HITECH Act Compliance

What is the HITECH Act?

In February of 2009, the Health Information Technology for Economic and Clinical Health (HITECH) Act went into effect. The HITECH Act applies to “HIPAA covered entities and their business associates that access, maintain, retain, modify, record, store, destroy, or otherwise hold, use, or disclose unsecured protected health information…”

The various information security segments of the HITECH Act were developed to help organizations that handle Personal Health Information (PHI) prevent fraud, hacking, and other security threats by leveraging technology that can be used to render PHI unusable to unauthorized individuals. For more information about the HITECH Act, please visit: http://www.hhs.gov/ocr/privacy/hipaa/understanding/coveredentities/guidance_breachnotice.html

How does the HITECH Act affect my organization?

Any business associates of HIPAA-covered entities who provide transmission of protected health information and/or require access to that information are required to comply with regulations established by the HITECH Act. In addition, Personal Health Record (PHR) vendors who have contracts with entities covered by the HITECH Act are also required to meet HITECH Act compliance requirements. Entities required to meet HITECH Act compliance requirements include:

  • Medical transcriptionists
  • Contracted lab and radiology departments
  • Third-party billing agencies
  • Hospital couriers
  • Collection agencies
  • Pharmacies with hospital contracts
  • Consultants
  • Off-site storage facilities

How does SecureZIP help meet HITECH Act compliance requirements?

Because SecureZIP encrypts the data itself rather than the storage device, it remains protected even if placed on removable media that is lost or stolen during transit. Because of its strong encryption, SecureZIP meets FIPS 140-2 requirements, a key component of the HITECH Act. SecureZIP also provides encryption processes for data at rest that are consistent with NIST guidelines. For more information on how SecureZIP helps address HITECH Act compliance requirements, please read our HITECH Act Solution Brief.

Customer Success Story: HITECH Act Compliance

One of the nation’s largest Medicare administrators used SecureZIP to not only meet HITECH Act compliance requirements, but to exchange data securely with outside business partners. To learn more, please download the Gartner Case Study: CMS Data-sharing Project Highlights the Benefits of a Multi-platform Approach.

In addition to meeting the requirements outlined by the HITECH Act, SecureZIP helps solve several other data security issues that organizations are facing. To learn more about how SecureZIP can help solve specific government data security issues and to access case studies and other resources, click here.