Lexology August 30, 2021
An amendment to the Health Information Technology for Economic and Clinical Health (HITECH) Act was signed into law on Jan. 5, 2021, directing U.S. Health and Human Services (HHS) to consider “recognized security practices” in investigations related to the Health Insurance Portability and Accountability Act (HIPAA) (HR 7898, Pub. L. 116-231). If a covered entity or business associate had “recognized security practices” in place for at least 12 months, HHS must take that into account when assessing fines or remedies, or determining the appropriate length of an audit. HHS’s Office for Civil Rights (OCR) is now asking about such practices in its inquiries and audits.
A. What are “recognized security practices”?
The revisions to the HITECH Act define “recognized security practices”...