Lexology May 5, 2022
Davis Wright Tremaine LLP

Just one month remains to comment on the U.S. Department of Health and Human Services (HHS) Office for Civil Rights’ (OCR) current Request for Information (RFI), which seeks public input on the implementation of two statutory provisions related to HIPAA:

  • (1) How HIPAA-covered entities and business associates can adequately demonstrate the adoption of “recognized security practices” when OCR considers potential violations of the HIPAA Security Rule; and
  • (2) How to distribute to harmed individuals portions of penalties and settlement amounts it collects.

Organizations may wish to comment in order to advocate for practical means of demonstrating the adoption of sound security practices and address thorny issues surrounding who is “harmed” and how they should be compensated, which could...

Today's Sponsors

LEK
ZeOmega

Today's Sponsor

LEK

Continue Reading

 
Topics: Govt Agencies, HHS, HIPAA, Provider
Related Articles:
Protecting Health Data Without Harming Patients: Overcoming the Barriers That Limit Our Access to Our Personal Health Information
If data is the new oil, there’s going to be war over it
Epic cuts data access to startup over alleged misuse
Health records giant Epic cracks down on startup for unauthorized sharing of patient data
2023 in Review: The Rise of Healthcare Data Privacy Regulations

Share This Article