HealthcareCISO

On Jan. 5, 2021, the President signed into law H.R. 7898, which provides even more incentive for Health Insurance Portability and Accountability Act (HIPAA)-covered entities and business associates to develop robust security compliance programs.

The new law amends the Health Information Technology for Economic and Clinical Health (HITECH) Act to require the U.S. Department of Health and Human Services (HHS), when contemplating penalties for HIPAA-covered entities and business associates, to take certain security practices into account. Specifically, the HHS Secretary is required to consider whether the covered entity or business associate is able to adequately demonstrate that it had "recognized security practices" in place for at least the prior 12 months. If it does, it "may" result in early, favorable termination of audits, or mitigate other fines and penalties.

The law defines...