The Health Information Technology for Economic and Clinical Health Act (HITECH Act) and subsequent regulations have changed several aspects of compliance with HIPAA, including the way covered entities should think about misuses of Protected Health Information (PHI).

When a misuse of PHI occurs, HIPAA requires covered entities to conduct a thorough, good-faith analysis to determine whether the misuse rises to the level of a breach. A “breach” is the unauthorized acquisition, access, use, or disclosure of unsecured PHI which compromises the security or privacy of such information.