OCR to Produce Video Presentation on HITECH Act Recognized Security Practices
The HHS’ Office for Civil Rights (OCR) is producing a video presentation to help HIPAA-regulated entities implement “Recognized Security Practices.”
The Health Information Technology for Economic and Clinical Health (HITECH) Act was recently amended (Public Law 116-321) to require OCR to consider recognized security practices that have been in place for at least 12 months prior to certain Security Rule enforcement and audit activities. OCR previously issued a Request for Information regarding the HITECH Act recognized security practices, the comment period for which ended last week.
There has been confusion about what constitutes recognized security practices and how it is possible to demonstrate to OCR that recognized security practices have been adopted and have been continuous for the 12 months prior to a data breach or OCR investigation.
In the video presentation, Nicholas Heesters, Senior Advisor for Cybersecurity at OCR will explain the 2021 HITECH Act amendment regarding recognized security practices, provide guidance on demonstrating security practices have been in place, how evidence of those security practices will be requested by OCR, and how to find out more information on the best security practices to implement.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Ahead of the publication of the video, OCR has requested questions from HIPAA-regulated entities to ensure they are addressed in the presentation. The deadline for submitting questions is June 17, 2022. Questions should be sent to: [email protected]
Update: OCR has released the video: Further information is available here.