On January 5, the President signed the HR 7898, HIPAA Safe Harbor Bill, into law, which amends the HITECH Act to require HHS to incentivize best practice security.
The legislation directs HHS to take into account a covered entity’s or business associate’s use of industry-standard security practices within the course of 12 months, when investigating and undertaking HIPAA enforcement actions, or other regulatory purposes.
The law also expressly noted that the HITECH changes do not give HHS the authority to increase fines or the extent of an audit, when an entity is found to be out of compliance with the recognized security standards.
The law also corrected technical elements of the 21st Century Cures Act related to the information blocking enforcement authority of HHS’ OIG. Specifically, under the new law, OIG is authorized to obtain information, assistance, and other support from federal agencies when investigating claims of information blocking by the developers or entities that offer health information technologies.