ARRA provides approx. $180 billion USD for healthcare spending (current expenditure), and approx. $23 billion of that is focused on IT upgrades and modernization. This money is targeted to the states, who will then provide the funds to the healthcare providers.
In addition to IT upgrades, there are additional requirements on top of HIPAA. The same regulations that applied to providers under HIPAA now extend to business associates, as well as employees of the “covered entities”. It also subjects business associates to the same potential civil and criminal liability for breaches as covered entities.
To ensure adoption of an Electronic Health Record (EHR), more patients need to feel confident about how their medical data is being protected. To ensure citizens are informed about their data security, a breach notification clause is included forcing providers to notify HHS, and in some cases the media directly in case of breach. This is similar to the data protection laws in effect in California since 2003. The FTC has the responsibility for announcing these breaches, bringing a new agency into the healthcare privacy arena.