OCR to Create Video on Recognized Security Practices in the HITECH Act

The HHS’ Office for Civil Rights (OCR) is creating a video to support HIPAA-regulated entities in carrying out “Recognized Security Practices.”

The Health Information Technology for Economic and Clinical Health (HITECH) Act was lately modified (Public Law 116-321) to necessitate OCR to look at recognized security practices that were set up for about 12 months before the enforcement of particular Security Rule and review of activities. OCR earlier released a Request for Information concerning the recognized security practices of the HITECH Act, but the period for getting comments concluded last week.

There is a misunderstanding regarding what comprises recognized security practices and how to show OCR that recognized security practices have already been implemented continuously for 12 months before a data breach or an investigation by OCR.

In the video, Senior Advisor for Cybersecurity at OCR, Nicholas Heesters, is going to discuss

  • the amendment in the 2021 HITECH Act with regards to recognized security practices
  • the advice on demonstrating the security practices that are in place
  • the proof of the security practices to be requested by OCR
  • how to learn additional data on the best security strategies to carry out.

Prior to the creation of the video, OCR has asked HIPAA-regulated entities to give their questions so that they could be tackled in the video presentation. The due date for sending the questions is on June 17, 2022. HIPAA-regulated entities can send their questions to: OCRPresents@hhs.gov

The video presentation will be released by OCR this summer. The announcement regarding the viewing of the video presentation will be given at a later date.

Twitter Facebook LinkedIn Reddit Copy link Link copied to clipboard
Photo of author

Posted by

Mark Wilson

Mark Wilson is a news reporter specializing in information technology cyber security. Mark has contributed to leading publications and spoken at international forums with a focus on cybersecurity threats and the importance of data privacy. Mark is a computer science graduate.