Cybersecurity Trends in Healthcare: HR 7898
On January 5, 2021, legislation known as HR 7898 was signed into law. HR 7898 requires the Department of Health and Human Services (HHS) to incentivize healthcare organizations’ cybersecurity best practices. In essence, should a healthcare organization be breached and an investigation into its HIPAA compliance ensue, HHS would consider whether the organization had implemented “recognized security practices” prior to the breach.
HR 7898 defines “recognized security practices” broadly, to mean:
- Standards, guidelines, best practices, methodologies, procedures, and processes developed under the National Institute of Standards and Technology Act (NIST Act).
- The cybersecurity practices developed under section 405(d) of the Cybersecurity Act of 2015.
- Programs and practices that are developed in, recognized by, or set forth in federal laws other than HIPAA.
Healthcare organizations that can prove that they implemented a recognized cybersecurity framework will be given technical assistance from the HHS, rather than being subjected to costly HIPAA fines.
Cybersecurity Trends in Healthcare: NIST Cybersecurity Guide
In 2008, the National Institute of Standards and Technology (NIST) published guidance on how healthcare organizations were expected to implement HIPAA Security Rule requirements. Although the guidance was sufficient at the time, NIST has seen the need to update its guidance to account for new threats to healthcare cybersecurity. The current NIST Cybersecurity Resource Guide is designed to educate readers, amplify their awareness of resources relevant to the Security Rule, and provide detailed implementation guidance for covered entities and business associates. This guide was meant to simplify HIPAA Security Rule requirements so that they are easier for healthcare organizations to understand. However, with the passing of HR 7898, NIST has determined that a more detailed guide would be beneficial. The new guide is still under development.