The past several years have proven difficult for healthcare entities due to increasing cybersecurity threats, breaches and regulatory enforcement. Following these trends, on April 6, 2022, the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) released a Request for Information (RFI) soliciting public comment on how regulated entities are voluntarily implementing security practices under the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH Act) and also seeking public input on sharing funds collected through enforcement with individuals who are harmed by Health Insurance Portability and Accountability Act of 1996 (HIPAA) rule violations.
On January 5, 2020, HR 7898, became law amending the Health Information Technology for Economic and Clinical Health Act (HITECH Act), 42 U.S.C. 17931, to require that “recognized cybersecurity practices” be considered by the Secretary of Health and Human Services (HHS) in determining any Health Insurance Portability and Accountability Act (HIPAA) fines, audit results or mitigation remedies. The new law provides a strong incentive to covered entities and business associates to adopt “recognized cybersecurity practices” and risk reduction frameworks when complying ...
Blog Editors
Recent Updates
- Podcast: Unveiling Gender-Affirming Care: Why It Matters and What’s at Stake – Diagnosing Health Care
- Importance of Negotiating Maintenance, Repair and Replacement Obligations in Health Care Leases
- Unpacking Averages: Assessing the Products Included in FDA's Voluntary Malfunction Summary Reporting Program
- Federal Update on Cannabis Scheduling: Are State Legalized Cannabis Dispensaries to Become Pharmacies?
- HHS Extends the Antidiscrimination Provisions of the Affordable Care Act to Patient Care Decision Support Tools, Including Algorithms