Lexology May 26, 2022
McGuireWoods LLP

  • In 2021, HITECH was amended to add “recognized cybersecurity practices” as a mitigating factor when determining fines, audits and remedies against covered entities and business associates for violations of HIPAA.
  • HHS now seeks public comment on what should be considered a recognized cybersecurity practice.
  • Covered entities and business associates should update their HIPAA compliance plans to incorporate the recognized cybersecurity practices, implement the identified security practices and ensure they have been actively and consistently used over the prior 12-month period of time.

On Jan. 5, 2021, Public Law 116-321 amended the Health Information Technology for Economic and Clinical Health (HITECH) Act to require the Department of Health and Human Services (HHS) to consider covered entities’ (most healthcare providers,...

Today's Sponsors

Venturous
Got healthcare questions? Just ask Transcarent

Today's Sponsor

Venturous

Continue Reading

 
Topics: Cybersecurity, Govt Agencies, Health IT, HIPAA, HITECH, Technology
Related Articles:
3 Must-Know Cyber and Risk Realities: What’s Ahead for Health Care in 2025
If Einstein Was Your CISO: Cybersecurity Lessons From Words Of Wisdom
Stop Sleeping On AI: Why Security Teams Should Embrace The Technology
Client-Centric Cybersecurity: Bridging The Gap Between Threats And Clients
Q&A: Rural hospitals need help with cybersecurity survival

Share This Article