Lexology May 5, 2022
Davis Wright Tremaine LLP

Just one month remains to comment on the U.S. Department of Health and Human Services (HHS) Office for Civil Rights’ (OCR) current Request for Information (RFI), which seeks public input on the implementation of two statutory provisions related to HIPAA:

  • (1) How HIPAA-covered entities and business associates can adequately demonstrate the adoption of “recognized security practices” when OCR considers potential violations of the HIPAA Security Rule; and
  • (2) How to distribute to harmed individuals portions of penalties and settlement amounts it collects.

Organizations may wish to comment in order to advocate for practical means of demonstrating the adoption of sound security practices and address thorny issues surrounding who is “harmed” and how they should be compensated, which could...

Today's Sponsors

LEK
ZeOmega

Today's Sponsor

LEK

Continue Reading

 
Topics: Govt Agencies, HHS, HIPAA, Provider
Related Articles:
Not 1, Not 2, but 6 Settlements
HIPAA Security Rule: Big Changes May Be Coming for Covered Entities & Business Associates
Perceived industry compliance failures prompt stringent proposed HIPAA Security Rule
Proposed Changes to the HIPAA Security Rule Will Have a Significant Impact on the Health Care Sector
HHS’ Proposed HIPAA Changes Are a Step in the Right Direction, But Some Providers May Struggle to Comply

Share This Article