
Health IT Legislation and Regulations

Health IT Legislation

HITECH Act

The Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009 [PDF - 266 KB] provides HHS with the authority to establish programs to improve health care quality, safety, and efficiency through the promotion of health IT, including electronic health records and private and secure electronic health information exchange. Learn more about select portions of the HITECH Act that relate to ONC’s work.

FDASIA

Section 618 of the Food and Drug Administration Safety and Innovation Act (FDASIA) of 2012 directed the Secretary of Health and Human Services, acting through the Commissioner of the U.S. Food and Drug Administration (FDA), and in consultation with ONC and the Chairman of the Federal Communications Commission, to develop a report that contains a proposed strategy and recommendations on an appropriate, risk-based regulatory framework for health IT, including medical mobile applications, that promotes innovation, protects patient safety, and avoids regulatory duplication. The Health IT Policy Committee formed a FDASIA workgroup and issued recommendations to ONC, FDA, and FCC as of the September 4th, 2013 HIT Policy Committee meeting.

View the full collection of FDASIA Section 618 related activities.

Read the draft FDASIA Health IT Report Proposed Risk Based Regulatory Framework report [PDF - 438 KB] for public comment. Additional activities related to the draft report, including public meetings and instructions on how to submit public comments, will be made available on an ongoing basis.

HIPAA

The Health Insurance Portability and Accountability Act (HIPAA) of 1996 protects health insurance coverage for workers and their families when they change or lose their jobs, requires the establishment of national standards for electronic health care transactions, and requires establishment of national identifiers for providers, health insurance plans, and employers.

The HHS Office for Civil Rights administers the HIPAA Privacy and Security Rules. The HIPAA Privacy Rule describes what information is protected and how protected information can be used and disclosed. The HIPAA Security Rule describes who is covered by the HIPAA privacy protections and what safeguards must be in place to ensure appropriate protection of electronic protected health information.

The Centers for Medicare and Medicaid Services administer and enforce the HIPAA Administrative Simplification Rules, including the Transactions and Code Set Standards, Employer Identifier Standard, and National Provider Identifier Standard. The HIPAA Enforcement Rule provides standards for the enforcement of all the Administrative Simplification Rules.

Affordable Care Act

The Affordable Care Act of 2010 establishes comprehensive health care insurance reforms that aim to increase access to health care, improve quality and lower health care costs, and provide new consumer protections.

Last updated: Thursday, April 3, 2014