H.R. 7898 became law on January 5, 2021, and amended the Health Information Technology for Economic and Clinical Health (HITECH) Act to require the secretary of HHS to consider certain recognized security practices of covered entities and business associates when making certain determinations, and for other purposes.
In its July newsletter, OCR announced a collaboration with the HHS Office of the National Coordinator for Health Information Technology (ONC) to seek user feedback and improvement suggestions on its Security Risk Assessment (SRA) Tool.
HHS recently issued its Summer 2021 OCR Cybersecurity Newsletter, covering the topic of controlling access to ePHI. HHS officials cited a Verizon 2021 Data Breach Investigations report that found 61% of analyzed data breaches in the healthcare sector were perpetrated by external threat actors and 39% were carried out by insiders.
With the first month of fall arrived, it’s time to start thinking of the year ahead—and, of course, to finish the year strong. We’ve gathered some HIPAA compliance tips to consider while getting through the final third of the year and building some compliance momentum heading into 2022.