HHS Seeks Input on HIPAA “Safe Harbor”

King & Spalding
Contact

On April 6, 2022, HHS Office for Civil Rights (OCR) issued a Request for Information (RFI) to solicit public comment on the implementation of the newly-enacted “safe harbor” under the Health Insurance Portability and Accountability Act (HIPAA). The safe harbor, enacted in January 2021 at 42 U.S.C. § 17941, requires HHS, when making determinations regarding fines, audits, and remedies to resolve potential violations of the HIPAA Security Rule, to consider “recognized security practices” that HIPAA covered entities and business associates “adequately demonstrate” were in place for the preceding 12 months. The RFI solicits comments on how covered entities and business associates understand and are implementing recognized security practices, how they anticipate adequately demonstrating security practices are in place, and other implementation issues they are considering or would like OCR to clarify for the public. OCR notes that it expects “adequate demonstration” to include the implementation and not merely adoption of the practices. A copy of the RFI is available here.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations. Attorney Advertising.

© King & Spalding

Written by:

King & Spalding
Contact
more
less

PUBLISH YOUR CONTENT ON JD SUPRA NOW

  • Increased visibility
  • Actionable analytics
  • Ongoing guidance

King & Spalding on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide