Lexology May 5, 2022
Davis Wright Tremaine LLP

Just one month remains to comment on the U.S. Department of Health and Human Services (HHS) Office for Civil Rights’ (OCR) current Request for Information (RFI), which seeks public input on the implementation of two statutory provisions related to HIPAA:

  • (1) How HIPAA-covered entities and business associates can adequately demonstrate the adoption of “recognized security practices” when OCR considers potential violations of the HIPAA Security Rule; and
  • (2) How to distribute to harmed individuals portions of penalties and settlement amounts it collects.

Organizations may wish to comment in order to advocate for practical means of demonstrating the adoption of sound security practices and address thorny issues surrounding who is “harmed” and how they should be compensated, which could...

Today's Sponsors

LEK
ZeOmega

Today's Sponsor

LEK

Continue Reading

 
Topics: Govt Agencies, HHS, HIPAA, Provider
Related Articles:
Addressing The HIPAA Blind Spot For Crisis Pregnancy Centers
6 Important Takeaways for HIPAA Covered Entities and Business Associates from 2024 NIST HHS OCR Conference
HHS settles 2 ransomware investigations as attacks rise
Safeguarding Health Information: Takeaways from HHS and NIST 2024 HIPAA Security Conference
White House OMB is reviewing proposed cybersecurity updates to HIPAA

Share This Article