Cybersecurity in the health industry is more critical than ever. With cyberattacks on the rise and more private data becoming digitized, it’s paramount that health organizations implement cybersecurity measures. Now, the HIPAA Safe Harbor Bill (H.R. 7898) provides incentives for doing so as soon as possible.
In the first week of 2021, the H.R. 7898 bill — which amends the Health Information Technology for Economic and Clinical Health (HITECH) Act — was signed into law. The HITECH Act describes penalties for violating Health Insurance Portability and Accountability Act (HIPAA) rules.
So, what does this new law mean? It means that the Secretary of Health and Human Services must consider whether your organization has maintained “recognized security practices” when making penalty and audit determinations in the case of a HIPAA Security Rule violation. If you can demonstrate that you had “recognized security practices” in place for the 12 months prior to the HIPAA breach or security incident, that may result in lower fines, an early favorable determination of an audit, and changes to the terms of any agreement to resolve the HIPAA violation.
In other words:
Of course, the H.R. 7898 bill does not allow Health and Human Services to increase fines if you choose not to implement security practices, but it gives you an excellent incentive to do so! As noted by Health IT Security, in the past, “HIPAA enforcement actions ‘have applied severe penalties against organizations victimized by cyberattacks in spite of their well-resourced programs that employ industry best cybersecurity practices.’”
The H.R. 7898 bill moves towards rebalancing this inequity of penalties by directing HHS to take recognized security best practices from the previous 12 months into account when determining the severity of penalties.
So, how great of a threat are cyberattacks? Well, Health IT Security also notes that cyberattacks against healthcare entities have risen 45% since November 2020 and that 79% of all reported data breaches up to that point were already within the health sector.
If your healthcare organization is at risk, or if you’re unsure about the quality of your current cybersecurity practices, Matterform can help you achieve the HIPAA Safe Harbor security standard.