The HHS Office for Civil Rights Issued an RFI on Recognized Security Practices and on Civil Money Penalty (CMP) and Settlement Sharing

Posted by HIPAA Software on Apr 08, 2022

Two days ago, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) issued a public Request for Information (RFI). It asks the community to comment on two unmet requirements of the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH Act).

What is the Purpose of the RFI?

The number of cyber threats is still growing, and they cause serious damage to the healthcare sector in particular. The field now needs stronger security for electronic protected health information (ePHI) more than ever before. The RFI will help the HHS Office for Civil Rights (OCR) review ways of supporting the implementation of Recognized Security Practices in the healthcare field. It will also help OCR review methods of redistributing money, that is, sharing funds collected through enforcement with people who suffered from a HIPAA violation.

The First Unmet Requirement of the RFI: Section 13412 of the HITECH Act and the Comments Requested

The first unmet requirement concerns the 2021 modification of the HITECH Act. OCR updated it with the HIPAA Safe Harbor Act. It requires the U.S. Department of Health and Human Services (HHS) to take into account the security practices that HIPAA-covered organizations have implemented. HHS should consider them when assessing financial sanctions and other remedies to resolve potential HIPAA violations detected during audits and investigations.

This law aims to encourage HIPAA-covered organizations to implement the best cybersecurity methodologies. Organizations that have kept up with the best security standards of their field during the 12 months before the data incident occurs will, as a reward, face lower monetary sanctions and less oversight from HHS for data breaches.

The RFI asks the public to comment on how HIPAA-covered organizations implement Recognized Security Practices to protect ePHI. It also seeks views on how these organizations should appropriately demonstrate the effectiveness of Recognized Security Practices. Finally, the RFI requests information about problems in implementing the practices, especially those that OCR most needs to explain through further guidance or rule development.

The Second Unmet Requirement of the RFI: CMP and the Comments Requested

The second unmet requirement dates back to the signing of the HITECH Act. In essence, it requires HHS to distribute a percentage of civil monetary penalties (CMPs) and cash settlements among the individuals harmed by the violations for which the penalties were imposed. Under the HITECH Act, the U.S. Department of Health and Human Services (HHS) has to introduce a method for setting the amounts to be shared. It should be based on the nature and level of the HIPAA violation as well as the nature and amount of the damage caused.

The RFI encourages the community to elaborate on the types of harm to consider when distributing CMPs and cash settlements among affected individuals. The RFI also describes potential methods of distributing money among affected individuals and asks the community to suggest alternative methods.

The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) invites suggestions from all interested parties. These include patients and their relatives, HIPAA-covered organizations and their business associates (BAs), consumer advocates, healthcare professional associations, medical information management professionals, healthcare IT providers, and public bodies.

Additional Information

Visit the Federal Register website for more information about the HHS Office for Civil Rights’ RFI. Comments and suggestions can also be submitted there. Remember to send remarks by the 6th of January, 2022; otherwise, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) won’t consider them.
