HHS Office for Civil Rights Releases Webinar on Recognized Security Practices: Provides Guidance on Mitigating Potential Violations of HIPAA

Pursuant to legislation passed in 2021, covered entities and business associates subject to HIPAA and facing potential regulatory enforcement may receive some credit toward reduced enforcement penalties if they had implemented Recognized Security Practices (RSPs) within the prior 12 months. However, what may constitute RSPs and how a covered entity or business associate can demonstrate implementation of RSPs to receive such credit had not been clear. Now, the Department of Health and Human Services is seeking to provide clarity.

Digital Health Industry Take Note: New HIPAA Comment Opportunity and Guidance Addresses Growing Risk of Cybersecurity Attacks

Digital health companies should take note of new data privacy and security developments under the Health Insurance Portability and Accountability Act (HIPAA) that can affect product planning and customer negotiations.

The U.S. Department of Health and Human Services Office for Civil Rights (OCR) has released a request for information (RFI) seeking input on (1) how covered entities implement recognized security practices, which OCR considers in enforcement matters, and (2) the different types of harm that individuals experience from HIPAA violations, in order to consider how OCR may share enforcement recoveries with individuals harmed. Digital health companies subject to HIPAA should consider submitting comments by the June deadline to ensure that the evolving digital health industry has a voice in establishing industry best practices and in advocating for continued flexibility in the implementation of security standards that suit their unique business needs, which are distinct from those of traditional covered entities and business associates.