On October 31, 2022, the last day of National Cybersecurity Awareness Month, the U.S. Department of Health & Human Services (DHHS), Office for Civil Rights (OCR) published a new video presentation on “Recognized Security Practices” to assist HIPAA covered entities and business associates. Topics covered in the video include:
• The 2021 HITECH Amendment regarding recognized security practices
• How regulated entities can demonstrate that recognized security practices are in place
• Details about the evidence of recognized security practices that may be requested by OCR in the event of a HIPAA Security Rule investigation or audit
• Where to find more information about recognized security practices
• Answers to a selection of questions submitted to OCR in June 2022 on recognized security practices.
By way of background, on January 3, 2020, the Health Information Technology for Economic and Clinical Health (HITECH) Act was amended, creating a kind of “safe harbor” for HIPAA covered entities and their business associates when facing potential fines and other penalties under HIPAA. If the covered entity or business associate can “adequately demonstrate” to the Secretary of DHHS that it had “recognized security practices” in place for at least the 12 month period prior to the conduct in question—HIPAA violation, breach event or audit—the Secretary may determine to mitigate any fines to be assessed, favorably terminate early an audit that has been undertaken, or mitigate the remedies in any settlement agreement that may be entered into between the covered entity or business associate and the government. In short, a covered entity or business associate that has experienced a data breach incident and is responding to the related DHHS investigation and document requests, or is otherwise under a HIPAA audit or investigation, may be able to reduce or eliminate fines and penalties if it can sufficiently demonstrate its implementation of recognized security practices.
For more information or if you need assistance with your HIPAA compliance program, please contact: Lani M. Dornfeld, CHPC | 973.403.3136 | ldornfeld@bracheichler.com
*This is intended to provide general information, not legal advice. Please contact the authors if you need specific advice.
This site uses cookies to store information on your computer. Some of these cookies are essential, while others help us to improve your experience by providing insights into how the site is being used. Click Accept to continue using the site with recommended settings, or choose Cookie Settings make changes.Privacy Policy
Strictly Necessary Cookies
Strictly Necessary Cookie should be enabled at all times so that we can save your preferences for cookie settings.
If you disable this cookie, we will not be able to save your preferences. This means that every time you visit this website you will need to enable or disable cookies again.
3rd Party Cookies
This website uses Google Analytics to collect anonymous information such as the number of visitors to the site, and the most popular pages.
Keeping this cookie enabled helps us to improve our website.
Please enable Strictly Necessary Cookies first so that we can save your preferences!
