New HIPAA Safe Harbor Law requires HHS to incentivize best practice security — Is your organization compliant?

The President signed H.R. 7898, the HIPAA Safe Harbor Bill, into law on January 5, 2021. The legislation amends the HITECH Act to require the Department of Health and Human Services (HHS) to incentivize best-practice cybersecurity for meeting HIPAA requirements.

Specifically, H.R. 7898 requires HHS to evaluate whether an organization is using recognized cybersecurity best practices when calculating fines related to security incidents. To avoid fines, it is important to make sure your organization is compliant and keeping up with best practices.

The healthcare industry continues to be the most impacted sector when it comes to cyberattacks, accounting for 79 percent of all reported data breaches from January to November 2020. What’s more, attacks against healthcare entities increased by 45 percent between November 2020 and January 2021.

Historically, HIPAA enforcement actions have included severe penalties against organizations that experienced cyberattacks despite their best cybersecurity practices. The HIPAA Safe Harbor law now has HHS consider an organization's efforts to prevent cyberattacks when determining penalties. The law also serves as a positive incentive for providers to increase investment in cybersecurity programs and practices that ultimately benefit patients and protect their private information. At a time when healthcare is targeted by cybercriminals at an alarming rate, the HIPAA Safe Harbor bill is one of many recent industry efforts aimed at improving cybersecurity.

How To Avoid Penalties

Hartman Executive Advisors has extensive experience working with clients to assess their cybersecurity risks and HIPAA compliance. We work to ensure that clients are on the right path when it comes to investing their resources in cybersecurity and infrastructure, and we provide ongoing leadership to address cybersecurity threats moving forward. If your organization has not performed a HIPAA assessment or Security Risk Assessment in the past 12 months, reach out for a free consultation with one of our healthcare experts to get a complete picture of your organization and avoid the penalties associated with non-compliance.
