
HIPAA Cybersecurity Incentivized in New Safe Harbor Law


After an unprecedented year of cyber-attacks and ransomware on healthcare organizations, former President Donald Trump signed into law The Safe Harbor Bill. This ratified changes to the HITECH Act that included reduced HIPAA fines and penalties for data breaches if your practice has proper security measures in place. The new legislation (Safe Harbor Law – HR 7898) went into effect on January 5th, 2021.

What Is the HIPAA Safe Harbor Law?

The HIPAA Safe Harbor bill amends the HITECH Act to require the Department of Health and Human Services (HHS) to consider whether a covered entity or business associate has met recognized cybersecurity practices when HHS makes certain determinations, such as whether to bring an enforcement action. Under this new legislation, HHS will take into account whether an organization has been using recognized HIPAA cybersecurity best practices to comply with the HIPAA Security Rule.


HHS may reduce fines and penalties for violations of certain federal privacy standards for health information or PHI if the practices or covered entities have all the basic technical safeguards in place to mitigate identified threats. In summary, if your organization has adopted one of the defined “recognized security practices” and has a data breach violation, HHS may be more lenient with fines and penalties.

What Does “Recognized Cybersecurity Practices” Mean?

The Safe Harbor Bill only loosely defines recognized cybersecurity practices, and HHS has not yet published regulations, but the legislation cites two frameworks:

  • NIST Act: Standards, guidelines, best practices, methodologies, procedures, and processes developed under the National Institute of Standards and Technology Act.
  • Cybersecurity Act of 2015: cybersecurity practices developed under section 405 of this Act.

Your organization or practice must have a cybersecurity framework in place and demonstrate that industry-standard security measures have been in place for 12 months before it can benefit from reduced enforcement and penalties.

There is no specific timeline for HHS to develop regulations that implement the law, but covered entities and business associates should begin preparation now. The addition of the HIPAA Safe Harbor Law signifies that compliance and cybersecurity work best together. The first step is to assess your organization’s weaknesses using a HIPAA Compliance Gap Analysis. Our team of compliance experts is here to help. If you do not have the required security standards in place, it’s time to start implementing these cybersecurity best practices, as cyber threats in the healthcare sector continue to rise in 2021.

Corsica Technologies
Corsica provides personalized service and a virtual CIO (vCIO) who serves as a strategic advisor. When it comes to the complex integration of solutions for IT and cybersecurity, the whole is greater than the sum of its parts. We offer cybersecurity solutions, managed services, digital transformation, resale services, and one-off technology projects. Corsica unifies any combination of these services into a complete, seamless solution.
