The AHA today urged the Department of Health and Human Services’ Office for Civil Rights to quickly initiate rulemaking for a legislative provision (H.R. 7898) enacted by Congress this year to recognize certain recommended security practices when making determinations related to Health Insurance Portability and Accountability Act audits, fines and resolution agreements.

“The law appropriately recognizes that covered entities and business associates, like all entities including the Federal Government, can never fully eliminate the risk of cyberattacks,” AHA wrote. “When the inevitable attack occurs, entities should not be penalized, but rather treated as the victims of a crime. The law translates this concept by allowing certain measures of regulatory relief if the HIPAA-covered entity or business-associate victim had in place federally recognized security practices, such as those defined under the National Institute of Standards and Technology (NIST) Cybersecurity Framework and developed under Section 405(d) of the Cybersecurity Act of 2015.”
 

Related News Articles

Headline
In a statement submitted to the House Energy and Commerce Health Subcommittee for a hearing April 17 on President Biden’s fiscal year 2025 Health and Human…
Headline
It's always important to bring the issue back to the patient, said Sarah Lechner, senior vice president and chief of external affairs for Hackensack Meridian…
Headline
Department of Health and Human Services Deputy Secretary Andrea Palm addressed AHA Annual Membership Meeting attendees about the Administration’s work to…
Headline
Rep. Brett Guthrie, R-Ky., today addressed attendees of AHA’s 2024 Annual Membership Meeting and touched on many of the biggest issues in health care:…
Headline
Three retiring members of Congress — Brad Wenstrup, R-Ohio, Larry Bucshon, R-Ind., and Dan Kildee, D-Mich. — engaged in a genial conversation that covered the…
Headline
Sen. John Thune, R-S.D., April 16 updated AHA members on progress to extend telehealth waivers, offering hope that a solution will arise in end-of-year…