HIPAA Safe Harbor Bill Signed Into Law: OCR to consider mitigation efforts when evaluating HIPAA violations

By: Cristina N. Hyde, JD

On January 5, 2021, the President signed H.R. 7898 – the HIPAA Safe Harbor Bill – into law. The new legislation amends the Health Information Technology for Economic and Clinical Health Act, addressing health information technology as it relates to security practices. The full text of the new public law will be published here. However, as it has not been published yet, the text of the bill as of December 21, 2020, can be found here.

Simply put, the law requires that the Department of Health and Human Services (HHS) consider a covered entity’s application of “recognized security practices” (over the course of 12 months) when investigating violations of the HIPAA Security Rule. Notably, while a finding of compliance could lead to a reduction of sanctions, penalties or audit lengths, the amendment does not authorize HHS to increase consequences for those found to be noncompliant. The bill not only creates an incentive for health care practitioners to focus on cybersecurity, but also requires covered entities to demonstrate, with appropriate documentation, that they have done so.

We anticipate that HHS will now proceed with the notice and rulemaking process which normally accompanies implementation. Our office will keep you updated, as necessary. For more information, or if you would like assistance reviewing your security compliance and documentation policies, contact us.
