The Health Information Technology for Economic and Clinical Health Act or HITECH was passed by the Congress three years ago. Among its provisions, HITECH sought to strengthen privacy and security measures over health information. Specifically, it added new privacy and security requirements for business associates, established new breach notification requirements, and enhanced enforcement efforts.