Just when it seemed impossible to avoid penalties for breaches caused by highly sophisticated attacks, a new law known as the HIPAA Safe Harbor bill has come into effect. HIPAA's demanding standards have long made it difficult for covered entities and business associates to follow the proper procedures, and in recent years even organizations with industry-standard security practices have suffered breaches.
This is discouraging for entities that believed best practices made their defenses impenetrable, and some healthcare entities simply lack the tools and resources to build a rock-solid compliance program. Nevertheless, the passage of the HIPAA Safe Harbor bill should encourage more entities to invest in cybersecurity and meet HIPAA requirements, because that investment now counts in their favor when a breach is investigated.
The healthcare industry has long been plagued by cybersecurity incidents, and even well-implemented security programs have proved insufficient against highly sophisticated attacks. From January to November 2020, 79% of reported healthcare data breaches were attributed to hacking or other cybersecurity incidents, and attacks on healthcare organizations were reported to have risen by 45% between November 2020 and January 2021.
Should organizations simply give up and accept fines whenever they experience a breach? Not anymore. The news that this bill had become law was welcomed across the industry. Why? Let's see what the HIPAA Safe Harbor bill means.
What is the HIPAA Safe Harbor Bill?
On January 5, 2021, President Donald Trump signed the HIPAA Safe Harbor Bill (HR 7898) into law. The bill amends the HITECH Act to require the Department of Health and Human Services (HHS) to take an entity's recognized security practices into account during HIPAA enforcement, which in effect rewards organizations that follow best-practice cybersecurity while working toward HIPAA compliance.
The HIPAA Safe Harbor bill was introduced to protect organizations that suffer a breach despite having reasonable security in place. Lawmakers saw that even the most security-conscious organizations were struggling to defend against cyberattacks, while the Office for Civil Rights (OCR) continued to issue and increase fines and penalties against them. With the backing of the House Energy and Commerce Committee, the proposed HIPAA Safe Harbor bill finally became law.
HHS is now required, when investigating or undertaking HIPAA enforcement actions, to consider whether a covered entity or business associate can adequately demonstrate that it had recognized security practices in place for the previous 12 months.
Furthermore, the law makes three notable changes to what HHS must take into account.
First, HHS must consider the cybersecurity practices an organization had in place before issuing disciplinary actions and penalties.
Second, HHS may reduce the length and extent of an audit, including early and favorable termination, if it finds that an entity had indeed met recognized security practices, even if the entity experienced a breach.
Third, HHS may also mitigate fines and other remedies when an organization demonstrates that it followed recognized security practices such as the NIST Cybersecurity Framework or the approaches developed under Section 405(d) of the Cybersecurity Act of 2015. The law does not give HHS authority to increase fines against organizations that lack such practices; it only lets documented good practice count in the organization's favor.
This is significant news for everyone in the healthcare industry. When assessing a covered entity's or business associate's compliance with the HIPAA Security Rule, HHS will now weigh the security practices the organization had actually been following, not just the fact that a breach occurred.
The bill also aims to encourage organizations to conduct HIPAA Security risk assessments and to put a documented security plan in place without delay. The practical point is that the safe harbor only helps an entity that can prove it: risk analyses, policies, training records and other evidence covering the prior 12 months are what HHS will look for. This is one of several recent initiatives aimed at improving cybersecurity in the sector.
Simplify Compliance with HIPAA Ready
HIPAA Ready is a robust, intuitive HIPAA compliance management tool designed to reduce the administrative burden and cost of compliance. It brings the key elements of HIPAA compliance together in a single platform that management and staff can access on the go from mobile devices. Pricing starts at $10 per user per month.
Top features within the application include:
- Training management
- Incident management
- Policy management
- Device management
- Access management
- Business associate management
- And more
Start your free trial to assess the state of your compliance and see how HIPAA Ready can streamline your operations. To request a demonstration of the HIPAA Ready app, leave a comment below and we will contact you within 24 hours.