HIPAA, HITECH, …and ARRA. How do they relate?

The terms HIPAA, HITECH, and ARRA are thrown around so often today that many people just read the HIPAA policy forms in the physician’s office, but have absolutely no context as to what it means.  The diagram below from the book, “Telehealth Security: An Examination of Variance in Telehealth Security Breaches”, provides a high-level explanation for how these terms relate. It is required, by law, for healthcare facilities to be HIPAA (and HITECH) compliant.  HITECH Act was passed as a component of ARRA (“stimulus package”) in 2009.  As a result of evolving technology, HITECH seeks to protect technology infrastructures used in telehealth that were previously not covered under HIPAA.