Skip Navigation

HITECH Act Reports to Congress

The Health Information Technology for Economic and Clinical Health (HITECH) Act requires the Secretary of the Department of Health and Human Services ("the Secretary") to prepare and submit annual reports on breach notifications and compliance with the Privacy and Security Rules promulgated under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The HITECH Act also requires that each report be made available to the public on the web site of the Department.

  • The breach notification report provides an overview of the breach notification requirements and discusses the reports the Secretary received as a result of these new requirements.

        Report to Congress on Breach Notifications

  • The report on compliance with the HIPAA Rules summarizes complaints received by the Department of alleged violations of the provisions of Subtitle D of the HITECH Act, as well as of the HIPAA Privacy and Security Rules at 45 CFR Parts 160 and 164.

        Report to Congress on Compliance with the HIPAA Privacy and Security Rules