The AHA today urged the Department of Health and Human Services’ Office for Civil Rights to quickly initiate rulemaking for a legislative provision (H.R. 7898) enacted by Congress this year to recognize certain recommended security practices when making determinations related to Health Insurance Portability and Accountability Act audits, fines and resolution agreements.

“The law appropriately recognizes that covered entities and business associates, like all entities including the Federal Government, can never fully eliminate the risk of cyberattacks,” AHA wrote. “When the inevitable attack occurs, entities should not be penalized, but rather treated as the victims of a crime. The law translates this concept by allowing certain measures of regulatory relief if the HIPAA-covered entity or business-associate victim had in place federally recognized security practices, such as those defined under the National Institute of Standards and Technology (NIST) Cybersecurity Framework and developed under Section 405(d) of the Cybersecurity Act of 2015.”
 

Related News Articles

Headline
In a statement submitted to the Senate Health, Education, Labor and Pensions Committee for a hearing today on health care cybersecurity and patient privacy,…
Headline
Cyberattacks on hospitals are urgent threats to patient safety, care delivery and public trust. In this conversation, Ajay Gupta, board chair of Trinity Health…
Headline
The AHA July 2 expressed support for the Resident Physician Shortage Reduction Act (H.R. 3890), bipartisan legislation that would add 14,000 Medicare-funded…
Headline
The House July 3 voted 218-214 to pass the final version of the One Big Beautiful Bill Act (H.R. 1), which enacts many of President Trump’s legislative…
Headline
The Food and Drug Administration yesterday released a safety notice announcing a software patch is available to address cybersecurity vulnerabilities in…
Headline
The House has begun consideration of the Senate-passed version of the One Big Beautiful Bill Act (H.R. 1). This continues to be a fluid…