In plain terms. The HITECH Act, part of the 2009 Recovery Act, strengthened HIPAA by introducing mandatory breach notification, extending HIPAA obligations and direct liability to business associates, and increasing civil penalties. It markedly raised the stakes for safeguarding electronic protected health information across the healthcare supply chain.
Citation. Pub. L. 111-5 (Feb. 17, 2009); 42 U.S.C. §§ 17921-17954.
45 C.F.R. Parts 160 and 164 (Breach Notification & Omnibus Rule)