In recognition of National Cybersecurity Awareness Month, OCR has produced a new video this October for organizations covered under the HIPAA Rules on Recognized Security Practices. Recommended security practices can help organizations improve their ability to safeguard patient information from cyberattacks and better safeguard the health care services we all rely upon. Section 13412 of the HITECH Act requires OCR to take into consideration in certain Security Rule enforcement and audit activities whether a regulated entity has adequately demonstrated that recognized security practices were “in place” for the prior 12 months.
This presentation is intended to educate the health care industry on the categories of recognized security practices and how entities regulated under the HIPAA Rules may demonstrate implementation. Topics include:
- The 2021 HITECH Amendment regarding recognized security practices
- How regulated entities can demonstrate that recognized security practices are in place
- Details the evidence of recognized security practices that may be requested by OCR in the event of a HIPAA Security Rule investigation or audit
- Where to find more information about recognized security practices
- Provides answers to a selection of questions submitted to OCR in June 2022 on recognized security practices