The Department of Health and Human Services’ Office for Civil Rights yesterday released a video on recognized security practices under the HIPAA security rule and how covered entities may demonstrate implementation.

“An amendment to the HITECH Act passed in January 2021, through the efforts of AHA and other prominent health care organizations, provided regulatory relief for a HIPAA covered entity that becomes victim of a cyberattack and can demonstrate that it had recognized security practices such as the Health Industry Cybersecurity Practices in place for the previous 12 months, said John Riggi, AHA’s national advisor for cybersecurity and risk. “This important video outlines what type of evidence and documentation must be presented to OCR to qualify for the regulatory relief. The evidence must demonstrate that the recognized cybersecurity practices have been implemented and are functioning on an organizational wide basis. In the face of continued high-impact cyberattacks and increased government scrutiny of health care cybersecurity practices, this statute provides significant incentive for hospitals and health systems to voluntarily implement recognized cybersecurity practices.” 

Related News Articles

Headline
Microsoft July 22 released an update on the ongoing cyberattacks to SharePoint servers used within organizations, attributing the incidents to China-based…
Headline
The FBI, Cybersecurity and Infrastructure Security Agency, Department of Health and Human Services, and Multi-State Information Sharing and Analysis Center…
Headline
Microsoft July 19 issued an alert about active attacks from vulnerabilities targeting SharePoint servers used within organizations. The incidents have not…
Headline
In his latest AHA Cyber and Risk Intel blog, Scott Gee, AHA deputy national advisor for cybersecurity and risk, explains how hospitals can prepare for and…
AHA Cyber Intel
In today’s heightened threat environment, driven by domestic and geopolitical issues, it is more critical than ever for hospitals to prepare for and mitigate…
Headline
In a statement submitted to the Senate Health, Education, Labor and Pensions Committee for a hearing today on health care cybersecurity and patient privacy,…