The Health Information Technology for Economic and Clinical Health (HITECH) Act was signed into law as part of the American Recovery and Reinvestment (ARRA) Act of 2009. The main focus of HITECH was to encourage the use of health information technology. Several changes were made with this legislation, including that business associates are now subject to the same requirements as covered entities. Not only do you have to comply with all of the HIPAA rules but now your answering service, CPA, attorney and other professional service organizations, that may see PHI, also have to comply. Penalties have increased and are now being levied. Fines range from $100 in a “did not know” offense to $1,500,000 for “willful neglect”. If a breach does happen that is over 500 records, the media must be notified. Finally, each State Attorney General may now prosecute separately from the Department of Health and Hospitals Secretary (HHS) making fines a serious issue in the event of a breach.