in the news
June 1, 2022
The Office of Civil Rights (OCR) is requesting public comment on how regulated organizations are voluntarily implementing security practices under the Health Information Technology for Economic and Clinical Health (HITECH) Act. Released a Request for Information (RFI) seeking We are also seeking public input on sharing funds collected through enforcement with individuals affected by Health Insurance Portability and Accountability Act (HIPAA) violations.
The OCR’s request for comment on the HITECH Act’s provisions on “recognized security practices” encourages many covered entities to adopt best practices and adhere to the National Institute of Standards and Technology and other industry standards. It represents a commitment to recognize the work we are doing to strengthen cybersecurity. writes her partner Reece Hirsch. However, it remains to be seen to what extent OCR takes recognized security practices into account in order to mitigate penalties or avoid enforcement actions.
“RFI is like a double-edged sword. Focusing on recognized security practices suggests a more equitable and targeted entity-friendly approach to HIPAA enforcement,” Reece noted. To do. “On the one hand, creating a HIPAA whistleblowing mechanism, focused on sharing civil fines and settlements, could lead to a surge in HIPAA enforcement activity.”
Read full text medical risk management Article >>
Subscription may be required.