HITECH Act Amendment Incentivizes Adoption of NIST and Other Recognized Cybersecurity Safeguards as a Defense or Mitigation to HIPAA Enforcement

The National Law Review

Brian G. Cesaratto, Patricia M. Wagner, Alaap B. Shah

On January 5, 2020, HR 7898 became law, amending the Health Information Technology for Economic and Clinical Health Act (HITECH Act), 42 U.S.C. 17931, to require that “recognized cybersecurity practices” be considered by the Secretary of Health and Human Services (HHS) in determining any Health Insurance Portability and Accountability Act (HIPAA) fines, audit results or mitigation remedies. The new law gives covered entities and business associates a strong incentive to adopt “recognized cybersecurity practices” and risk reduction frameworks when complying with the HIPAA privacy and security standards, in order to reduce the risk associated with security threats and HHS enforcement determinations. Specifically, the earlier adoption of an established, formalized and recognized cybersecurity framework may significantly insulate entities from regulatory enforcement in the wake of subsequent security incidents or data breaches.

The amendment mandates...


© 2020 by HealthcareCISO.