We have found that some are unfamiliar with the Information Technology for Economic and Clinical Health Act also known as “HITECH”. Therefore, we hope this article provides helpful information. HITECH was enacted as part of the American Recovery and Reinvestment Act in 2009 (the “Stimulus Funds”). HITECH expanded the privacy and security rules under HIPAA, including extending liability for security and privacy breaches to the business associates of covered entities under HIPPA. As such, third parties who receive protected health information from a covered entity must execute a written agreement confirming its responsibility to appropriately protect health information from data breaches. The term business associate is broadly defined to include any third party who creates or receives protected health information from a covered entity. Thus, a business associate may include IT specialists, management consultants, accountants or attorneys. Under HITECH the penalties for noncompliance are also more severe than under the original enactment of HIPPA. Finally, HITECH is known for its incentives and penalties regarding electronic medical records and its meaningful use requirements. Requirements of HITECH were implemented on January 17, 2013 under the Omnibus Final Rule. For more information, please contact our office at firstname.lastname@example.org.