Professional News
Published Online: 1 January 2010

Summary Timeline for HITECH Requirements for Providers Covered Under HIPAA

Note that compliance deadlines are subject to change.

Already in effect

• As of 2-17-09: Civil penalties for HIPAA violations increase for covered entities.
• As of 2-17-09: State attorneys general may bring HIPAA enforcement action against covered entities.
• As of 8-16-09: Each Department of Health and Human Services (HHS) region is to provide guidance and education to covered entities, patients, and business associates.
• As of 9-23-09: Covered entities and their business associates must comply with HITECH's breach notification provisions (in addition to state law requirements).

February 2010

• HHS must have a broad program to educate individuals about their HIPAA rights.
• Business associates must comply with HIPAA's Security Rule and are subject to HIPAA's (increased) civil and criminal penalties.
• State attorneys general can bring HIPAA enforcement action against business associates (in addition to covered entities).
• Employees and other individuals are subject to HIPAA's criminal fines and penalties.
• HHS is required to conduct audits of covered entities and business associates.
• There is a new type of business associate—data transmission entities (for example, health information exchange organizations, regional health information organizations, e-prescribing gateways, vendors of personal health records).
• Covered entities have to comply with a patient's request to restrict disclosure to health plans for self-pay services.
• Patient access to a covered entity's electronic health record—patients have the right to obtain copies of a covered entity's electronic health record in electronic form.
• Covered entities must limit PHI, to the extent practicable, to a limited data set, or, if necessary, to the minimum necessary (regulations/guidance coming).
• Further restrictions on using patient information for marketing purposes.

2011

• If a covered entity's electronic health record was acquired after January 2009, covered entities and business associates must account for disclosures of the electronic health record even if disclosure is for treatment, payment, or health care operations (regulations coming).
• HHS must investigate complaints of willful neglect and, if substantiated, must impose statutory penalty—at least $10,000-$50,000 per violation.
• HHS and state attorneys general can pursue civil HIPAA violations in cases where criminal penalty could attach, but the Department of Justice declines to pursue.

2012

• Individuals can recover a percentage of penalties imposed or settlement proceeds from HIPAA investigations.

2014

If a covered entity's electronic health record was acquired before January 2009, covered entities and business associates must account for disclosures of the electronic health record even if disclosure is for treatment, payment, or health care operations (regulations coming).

History

Published online: 1 January 2010
Published in print: January 1, 2010
