On January 5, 2021, HR 7898, an amendment to the Health Information Technology for Economic and Clinical Health (HITECH) Act, became law. It requires the Secretary of Health and Human Services (HHS) to consider “recognized cybersecurity practices” when deciding Health Insurance Portability and Accountability Act (HIPAA) fines and/or audit and mitigation solutions.
The amendment indicates that covered entities or business associates that adequately demonstrate that they have had security practices in place for over one year may mitigate fines, receive favorable termination of an audit, or mitigate other remedies imposed to resolve violations of the HIPAA Security Rule.