proving 9/11 compensation claims
Proving 9/11 compensation claims. What You Need to Know.
June 10, 2018
Mobile Health Apps
FDA Adjusts to Tech Boom With Mobile Health Apps
June 11, 2018

HIPAA vs HITECH: What You Need to Know

Which one is better? HIPAA vs HITECH is a debate we often encounter in our industry. If you work in the legal, healthcare, insurance or related industries, you know that HIPAA is good. The Health Insurance Portability and Accountability Act, passed in 1996, provides data privacy and security provisions for safeguarding medical records. But, you may not know that HITECH is better.

The Health Information Technology for Economic and Clinical Health Act was passed in 2009 to promote the adoption and meaningful use of health information technology. It was based on growing evidence that the use of electronic health records (EHRs), especially when in combination with clinical decision support, can improve the quality, safety and coordination of healthcare. The federal government budgeted $27 billion in incentives for eligible healthcare providers and professionals to go electronic.

In other words, HITECH meant to force people to get with the program.HIPAA vs HITECH

And it has provided those of us who need to retrieve and review medical records with a simple yet powerful and cost-effective tool.

HITECH records requests are simpler and require less information to be filled out on the form. It is one page compared to three for HIPAA requests. There is no field for a social security number, which clients do not like to give out so freely.

The federal law also requires the records custodian who gets a HITECH request to respond within 30 days whereas there was no deadline with HIPAA. Healthcare providers could take as long as they wanted – and often did.


In addition to condensing the time it takes to get records, HITECH will cut your costs.

Attorneys who work mass tort, personal injury or workers compensation can spend thousands of dollars just gathering their clients’ medical records if they use HIPAA authorization requests. That’s because they can incur “search” fees (usually $5) and copy fees that can vary from hospital to hospital and state to state. Some states allow fees as high as $1 a page. In Alabama, it’s $1 for the first 25 pages and 50 cents for pages 26 and beyond. But even 25 cents a page can add up when we are talking about hundreds and hundreds of documents.

Even in cases where a hospital or healthcare provider only has paper records on a patient, the HITECH Act requires them to scan the documents (typically into pdf form) and transfer them electronically. They also have to reproduce nonpaper records, such as x-rays, and provide copies of those electronically. Providers can provide paper records only where there is absolutely no ability to produce the records in any kind of electronic format — and even then, they can’t charge a per-page fee. They can only charge for labor and materials.

That’s why I’m surprised when I find that large firms and national players still use HIPAA a majority of the time. Even those who are starting to use HITECH have found, as with everything, there is a learning curve.

At Smart Legal Solutions, we’ve been using HITECH for years and we request 95% or more of the records we need using HITECH.

We also have a system built into our process that makes us faster at retrieving records than anyone. Most of our record requests are prepaid with pre-authorized single-use credit cards — and that gets the documents to us faster. We stamp a bar code on our HITECH request forms so we know where the document belongs when it comes back. That gets the documents back to you faster.

Two tips from what we’ve learned at Smart Legal Solutions:

  • If a HITECH records request is denied, first call the records custodian before you resort to filing a complaint with the U.S. Department of Health and Human Services. (Click on “How to File Complaint” to see how.) We have found that most of the time, a phone call does the trick.
  • Do not send a HIPAA authorization with the HITECH records request. There is no need and it may cause confusion or for the healthcare provider to disregard the HITECH request and us the HIPAA one.
  • Clearly describe the nature of the sought after records and the dates of service. The clearer the request, the better the outcome will be.