Question

What is a hot issue this week in the HIPAA Compliance? Please provide article with current date.

Answer 1

HELP Committee Calls for HHS to Recognize Good Faith Efforts to Improve Cybersecurity in its HIPAA Enforcement Activities

Enforcement of HIPAA compliance by the HHS’ Office for Civil Rights is viewed by many as overly punitive. Compliance investigations following complaints or data breaches often uncover violations of HIPAA Rules, which can lead to sizable financial penalties.

Organizations that have adopted good cybersecurity best practices could still receive a financial penalty following a data breach, even though they have made reasonable efforts to improve their security posture.

There have been calls for the HHS to take good faith efforts to improve cybersecurity into consideration when investigating breaches and to use discretion when considering enforcement actions.

While the threat of financial penalties for should encourage healthcare organizations to invest more in cybersecurity defenses, some consider the HHS approach to be having the opposite effect. Why invest heavily in cybersecurity when the HHS could still issue a financial penalty over a data breach?

An alternative approach, which is favored by several industry groups, is to incentivize healthcare entities to adopt strong cybersecurity best practices by taking the steps that have been taken to improve cybersecurity into account, such as adoption of the NIST cybersecurity framework. In cases where the covered entity can demonstrate that it has adopted strong cybersecurity practices, the entity should be protected against financial penalties.

Date: 30th May, 2019