The HHS’ Office for Civil Rights (OCR) is creating a video to support HIPAA-regulated entities in carrying out “Recognized Security Practices.”
The Health Information Technology for Economic and Clinical Health (HITECH) Act was lately modified (Public Law 116-321) to necessitate OCR to look at recognized security practices that were set up for about 12 months before the enforcement of particular Security Rule and review of activities. OCR earlier released a Request for Information concerning the recognized security practices of the HITECH Act, but the period for getting comments concluded last week.
There is a misunderstanding regarding what comprises recognized security practices and how to show OCR that recognized security practices have already been implemented continuously for 12 months before a data breach or an investigation by OCR.
In the video, Senior Advisor for Cybersecurity at OCR, Nicholas Heesters, is going to discuss
- the amendment in the 2021 HITECH Act with regards to recognized security practices
- the advice on demonstrating the security practices that are in place
- the proof of the security practices to be requested by OCR
- how to learn additional data on the best security strategies to carry out.
Prior to the creation of the video, OCR has asked HIPAA-regulated entities to give their questions so that they could be tackled in the video presentation. The due date for sending the questions is on June 17, 2022. HIPAA-regulated entities can send their questions to: OCRPresents@hhs.gov
The video presentation will be released by OCR this summer. The announcement regarding the viewing of the video presentation will be given at a later date.