HIPAA Security Rule Recognized Security Practices Video

In January of 2021, an amendment to the HITECH Act, known as HR 7898, was signed into law. The law has several nicknames, including the Cybersecurity Best Practices Bill, the HIPAA Security Rule Safe Harbor Law, and the HIPAA Security Rule Recognized Security Practices bill. While the bill has several nicknames, it does not yet have any specific enforcement rules.

Under the new law, when deciding whether to penalize an organization, the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) must consider whether the entity used recognized security practices in the year preceding a violation. If an organization has done so, OCR may mitigate fines, terminate an audit early and favorably, or impose less onerous provisions in a resolution agreement on the organization that violated the Security Rule. The details of what exactly OCR must consider, and how exactly penalties will be mitigated, await rulemaking for eventual enforcement. Details of how OCR has sought to gather information needed for rulemaking are provided below.

HIPAA Security Rule Recognized Security Practices Video: Just One More Question

In April of 2022, OCR issued a public Request for Information (RFI), seeking public comment on how HIPAA covered entities are implementing recognized security practices. The comment period closed on June 6, 2022. A total of 91 public comments were submitted.

HIPAA Security Rule Recognized Security Practices Video: It’s Showtime!