AHA urges OCR to expedite regulatory relief for certain cybersecurity practices

Nov 16, 2021 - 08:43 AM
Cybersecurity Lock on Gold Wall

The AHA today urged the Department of Health and Human Services’ Office for Civil Rights to quickly initiate rulemaking for a legislative provision (H.R. 7898) enacted by Congress this year to recognize certain recommended security practices when making determinations related to Health Insurance Portability and Accountability Act audits, fines and resolution agreements.

“The law appropriately recognizes that covered entities and business associates, like all entities including the Federal Government, can never fully eliminate the risk of cyberattacks,” AHA wrote. “When the inevitable attack occurs, entities should not be penalized, but rather treated as the victims of a crime. The law translates this concept by allowing certain measures of regulatory relief if the HIPAA-covered entity or business-associate victim had in place federally recognized security practices, such as those defined under the National Institute of Standards and Technology (NIST) Cybersecurity Framework and developed under Section 405(d) of the Cybersecurity Act of 2015.”
 

Related News Articles

Headline
Senate negotiations ongoing as longest government shutdown in history continues
Senate negotiations on a potential funding deal to end the record-long government shutdown are ongoing, and the chamber is likely to continue working through…
Headline
Agencies release guidance on Microsoft Exchange server best practices
The National Security Agency, Cybersecurity and Infrastructure Security Agency and international partners released joint guidance Oct. 30 on best practices for…
Headline
AHA supports House bill pausing home health cuts for two years 
The AHA expressed support Nov. 3 for the bipartisan Home Health Stabilization Act (H.R. 5142), legislation that would establish a two-year pause on planned…
Headline
Microsoft issues security update addressing critical vulnerability impacting Windows server services 
Microsoft has released a security update to address a critical remote code execution vulnerability impacting multiple versions of Windows Server Update…
Headline
Shutdown likely to continue into fifth week
There is still no clear end in sight to the government shutdown as today marks day 30 and is approaching the 35-day record that occurred in 2018-2019. Some…
Headline
AHA urges smarter AI regulation for advancing innovation, safety and access to health care
The AHA today submitted a letter to the Office of Science and Technology Policy in response to its request for information on regulatory reform for artificial…