Briefings on HIPAA: Inside the HIPAA Safe Harbor law

H.R. 7898 became law on January 5, 2021, and amended the Health Information Technology for Economic and Clinical Health (HITECH) Act to require the secretary of HHS to consider certain recognized security practices of covered entities (CE) and business associates (BA) when making certain determinations, and for other purposes.

Lee Barrett, executive director and CEO of the Electronic Healthcare Network Accreditation Commission, says the messages to CEs and BAs about this HITECH amendment include:

  • Consistent compliance and cyber hygiene is a good thing. If you’re a HIPAA CE or BA and you’ve had current privacy/security and cybersecurity policy and technical controls in place for more than 12 months, good for you. You are being rewarded by lessened compliance and fine enforcement should you be subject to a breach.
  • A gap analysis is in order. If you do not have current privacy/security/cybersecurity policies and technical controls in place, you should prioritize completing a gap analysis. Identify where your organizational behavior can be strengthened and implement policies and procedures and technical controls that attempt to prevent a cyberattack or security incident/breach.
  • Plan for when a breach occurs. Having workforce members trained, the technical controls configured and documented, and the contact information for all related parties at hand will help mitigation occur as seamlessly as possible. Some organizations lose their businesses entirely when attacked. Don’t be one of them.

To read the full article, visit HCPro’s Revenue Cycle Advisor.