What change did HITECH make regarding HIPAA’s scope?

HITECH expanded HIPAA's scope by extending protections to business associates—contractors, vendors, and IT providers who handle protected health information on behalf of covered entities. Before HITECH, HIPAA rules mainly covered health plans, providers, and clearinghouses, but didn’t directly impose requirements on these outside entities, leaving PHI less shielded in many business relationships. HITECH closed that gap by requiring business associates to sign accurate agreements (business associate agreements), bringing them under direct HIPAA enforcement and accountability. It also added breach notification requirements for breaches affecting individuals and increased penalties for noncompliance, further strengthening protections across the health information landscape. The other options misstate the impact: protections were not reduced or limited, and HIPAA was not eliminated.