Although the 2021 HR 7898 HIPAA Safe Harbor law grants entities some protection against hefty HIPAA penalties, there are security nuances that risk managers and compliance officers must consider. Erin Dunlap provided Healthcare Risk Management with insight into how organizations can leverage security and risk management practices to reduce penalties from HIPAA-related investigations.

HIPAA-covered entities have some flexibility in determining their recognized security practices, but Erin recommended they consider the NIST framework and HHS cybersecurity guidance for healthcare entities. Organizations that can show compliance with these industry-recognized standards and approaches in the previous 12 months may see a favorable termination of an investigation or may be granted leniency toward fines and penalties by the U.S. Department of Health and Human Services, Office for Civil Rights.

With a deep understanding of HIPAA, 42 C.F.R Part 2, state privacy laws and the new Information Blocking Rule, Erin regularly advises organizations working in the health care space on a variety of privacy and security-related compliance issues, and offers practical advice and recommendations.

Read the full article here.