Page to be completed!
To encourage the widespread use of electronic data interchange in healthcare, the U.S. Congress passed the Health Insurance Portability and Accountability Act of 1996 (HIPAA, Title II). HIPAA also requires the Department of Health and Human Services to establish national standards that address the security and privacy of health information. The Health Information Technology for Economic and Clinical Health Act (HITECH) was enacted in 2009 as part of the American Recovery and Reinvestment Act to promote the adoption of health information technology. HIPAA and HITECH were updated in 2013 when the Omnibus Rule was released. The challenge for IT departments lies in identifying the controls required to ensure the security and privacy of this data while proving to auditors that each control has been properly implemented, maintained, and monitored.