The President signed H.R. 7898, the HIPAA Safe Harbor Bill, into law on January 5, 2021. The legislation amends the HITECH Act to require the Department of Health and Human Services (HHS) to incentivize best-practice cybersecurity for meeting HIPAA requirements.
Specifically, H.R. 7898 requires that HHS evaluate whether an organization is using recognized cybersecurity best practices when calculating fines related to security incidents. To avoid fines, it is important to make sure your organization is compliant and keeping up with best practices.
The healthcare industry continues to be the most impacted sector when it comes to cyberattacks, accounting for 79 percent of all reported data breaches from January to November 2020. What’s more, attacks against healthcare entities increased by 45 percent between November 2020 and January 2021.
Historically, HIPAA enforcement actions have included severe penalties against organizations that experienced cyberattacks despite their best cybersecurity practices. Under the HIPAA Safe Harbor law, HHS now considers an organization's efforts to prevent cyberattacks when determining penalties. The law also serves as a positive incentive for providers to increase investment in cybersecurity programs and practices that ultimately benefit patients and protect their private information. At a time when healthcare is targeted by cybercriminals at an alarming rate, the HIPAA Safe Harbor bill is one of many recent industry efforts aimed at improving cybersecurity.
How To Avoid Penalties
Hartman Executive Advisors has extensive experience working with clients to assess their cybersecurity risks and HIPAA compliance. We work to ensure that clients are on the right path when investing their resources in cybersecurity and infrastructure, and we provide ongoing leadership to address cybersecurity threats moving forward. If your organization has not performed a HIPAA assessment or Security Risk Assessment in the past 12 months, reach out for a free consultation with one of our healthcare experts to get a complete picture of your organization and avoid the penalties associated with non-compliance.