To embed, copy and paste the code into your website or blog:
On January 5, 2021, H.R. 7898 was signed into law with little fanfare, thereby amending the Health Information Technology for Economic and Clinical Health Act.[1] As the healthcare industry continues to serve as one of the top targets for cybersecurity threat actors, the amendment creates a “HIPAA safe harbor” that should hopefully provide some much-needed relief to those beleaguered covered entities and business associates that have spent years and significant dollars to implement cybersecurity best practices. This new safe harbor requires that when calculating fines, evaluating audits or reviewing proposed mitigation steps, the Department of Health & Human Services (HHS) consider whether the covered entity or business associate adequately demonstrated that it had in place “recognized security practices” for at least 12 months prior that would: