HIPAA 2021: Eight Expectations for the Year Ahead

In 2021, HIPAA covered entities and business associates can expect a variety of changes with respect to how HIPAA is regulated and enforced. Eight specific HIPAA 2021 changes are discussed below.

HIPAA 2021: 1. Cybersecurity Safe Harbor

In early January of 2021, President Trump signed into law H.R. 7898, which has been nicknamed the “HIPAA Cybersecurity Recognized Best Practices Bill.” The bill amends the HITECH Act to require the Department of Health and Human Services (HHS) to consider whether a covered entity or business associate has met recognized security practices when HHS makes certain determinations, such as whether to bring an enforcement action, select an entity for an audit, or issue a monetary penalty.

The bill requires HHS to consider whether the covered entity or business associate has adequately demonstrated that it had, for not less than the previous 12 months, recognized security practices in place. If these measures were in place, HHS can lower the amount of a fine and decrease the length and extent of an audit. 

“Recognized security practices” include:

  • Standards, guidelines, best practices, methodologies, procedures, and processes developed under the National Institute of Standards and Technology Act (NIST Act).
  • The cybersecurity practices developed under section 405(d) of the Cybersecurity Act of 2015.
  • Programs and practices that are developed in, recognized by, or set forth in federal laws other than HIPAA. 

HIPAA 2021: 2. Proposed Regulatory Changes to Privacy Rule

HIPAA 2021 changes may be coming to the HIPAA Privacy Rule. Recently, HHS proposed significant changes to the Privacy Rule, which include the following. 

Reducing Identity Verification Burdens.

Under the proposed changes, providers and health plans would be required to submit individual access requests to another provider, and to receive back the requested electronic copies of the individual’s PHI in an electronic health record (EHR). Providers and health plans would be required to respond to certain records requests received by other providers and health plans when directed by individuals under the right of access.

Improving Information Sharing.

To improve information sharing, HHS has proposed to modify the Privacy Rule to state that under the proposed changes, covered entities need not limit certain uses and disclosures of PHI to the minimum necessary to accomplish the purpose of each