HIPAA Security Rule Recognized Security Practices Video

In January of 2021, an amendment to the HITECH Act, known as HR 7898, was signed into law. The law has several nicknames, including the Cybersecurity Best Practices Bill, the HIPAA Security Rule Safe Harbor Law, and the HIPAA Security Rule Recognized Security Practices bill. While the bill has several nicknames, it does not yet have any specific enforcement rules.

Under the new law, the Department of Health and Human Services (HHS) Office for Civil Rights (OCR), when deciding whether to penalize an organization, must consider whether that entity used recognized security practices in the year preceding a violation. If the organization has done so, OCR may mitigate fines, terminate an audit early and favorably, or impose less onerous provisions in a resolution agreement on the organization that violated the Security Rule. The details of what exactly OCR must consider, and how exactly penalties will be mitigated, await rulemaking for eventual enforcement. Details of how OCR has sought to gather the information needed for rulemaking are provided below.

HIPAA Security Rule Recognized Security Practices Video: Just One More Question

In April of 2022, OCR issued a public Request for Information (RFI), seeking public comment on how HIPAA covered entities are implementing recognized security practices. The comment period closed on June 6, 2022. A total of 91 public comments were submitted.

HIPAA Security Rule Recognized Security Practices Video: It’s Showtime!

Now armed with public commentary, OCR has announced that it will produce a pre-recorded video presentation for HIPAA covered entities and business associates on HIPAA Security Rule recognized security practices. 

News alert: the video on cybersecurity best practices will be released in the summer of 2022, with the exact date to be announced shortly.

The purpose of the HIPAA Security Rule Recognized Security Practices video is not to create a summer blockbuster. Rather, it is to educate healthcare organizations on what recognized security practices are and how they may demonstrate implementation of them. In June 2022, OCR solicited questions about recognized security practices that may be addressed during the video presentation.

OCR Presents: What, No Intermission?

Topics to be addressed in the video include:

  • The 2021 HITECH Amendment regarding recognized security practices
  • How regulated entities can adequately demonstrate that recognized security practices are in place
  • How OCR is requesting evidence of HIPAA Security Rule recognized security practices
  • Resources for information about recognized security practices
  • OCR’s Request for Information (RFI) on recognized security practices

The speaker will be Nicholas Heesters, OCR Senior Advisor for Cybersecurity.
