Erin Dunlap Provides Insight on Overturned HIPAA Penalty for Healthcare Risk Management

Erin Dunlap Discusses Recognized Security Practices for Complying with HIPAA Safe Harbor Law in Healthcare Risk Management

Although the 2021 HR 7898 HIPAA Safe Harbor law grants entities some protection against hefty HIPAA penalties, there are security nuances that risk managers and compliance officers must consider. Erin Dunlap provided Healthcare Risk Management with insight into how organizations can leverage security and risk management practices to reduce penalties from HIPAA-related investigations. HIPAA-covered entities have some flexibility in determining their recognized security practices, but Erin recommended they consider the NIST framework and HHS cybersecurity guidance for healthcare entities. Organizations that can show compliance with these industry-recognized standards and approaches in the previous 12 months may see a favorable termination of an investigation or may be granted leniency toward fines and penalties by the U.S. Department of Health and Human Services, Office for Civil Rights. With a...

Erin Dunlap Provides Insight on Overturned HIPAA Penalty for Healthcare Risk Management

When the Fifth U.S. Circuit Court of Appeals overturned a $4.3 million civil monetary penalty imposed on the University of Texas M.D. Anderson Cancer Center by the U.S. Department of Health and Human Services (HHS), Healthcare Risk Management asked health care data privacy attorney Erin Dunlap to explain how the decision may impact HIPAA covered entities and business associates. Erin called the decision a “game changer,” particularly in how entities subject to HIPAA will view HIPAA’s encryption rule, evaluate a loss of protected health information (PHI) and engage with HHS in settling investigations. Erin specifically highlighted the Fifth Circuit’s position that the encryption specification was not a strict liability rule and that perfection or ‘bulletproof protection’ is not the standard. This is helpful for HIPAA covered entities...
