Must Watch Summer Viewing Coming Soon: OCR’s Upcoming Video Presentation on the HITECH Act’s Recognized Security Practices

Akerman LLP - Health Law Rx

Akerman LLP - Health Law Rx

The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced June 10, 2022 that it is producing a video presentation on “recognized security practices” as set forth in the recent amendment of the Health Information Technology for Economic Health Act (HITECH Act) and is seeking questions from the public that OCR could address during the presentation. The video is expected to be available for viewing this summer and will be welcomed by those covered entities and business associates as the statutory amendment is short on details about how OCR will implement the new provisions.

The HITECH Act now requires OCR to consider in certain Security Rule enforcement and audit activities whether a covered entity or business associate (a regulated entity) has adequately demonstrated that it had recognized security practices in place for the prior twelve months.  Regulated entities that can demonstrate to OCR that they have had recognized security practices in place for the prior twelve months may qualify for mitigation of fines and other remedial measures.

In addition to the upcoming video presentation, OCR recently issued a Request for Information (RFI) regarding the “recognized security practices.”  See our previous Health Law Rx blog on the RFI comment period for the RFI closed June 6, 2022.

Pending further regulatory activity, OCR is asking interested parties to submit questions to be addressed during its video presentation. According to OCR’s email announcement, the video presentation is intended to “educate regulated entities on the categories of recognized security practices and how entities may demonstrate implementation.”  OCR plans to address these topics in the video:

  • The 2021 HITECH Act amendment regarding recognized security practices;
  • How regulated entities can adequately demonstrate that they have recognized security practices in place;
  • How OCR is requesting evidence of recognized security practices;
  • Resources for more information about recognized security practices; and
  • OCR’s recent RFI on recognized security practices.

Regulated entities that want to submit questions must act quickly by emailing OCR at no later than Friday, June 17, 2022. Covered entities and business associates should also watch for an announcement from OCR with the release date of the video.  In the meantime, regulated entities should begin implementing recognized security practices, if they have not already done so, and assess how they can document that such practices are in place and operational.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Akerman LLP - Health Law Rx | Attorney Advertising

Written by:

Akerman LLP - Health Law Rx

Akerman LLP - Health Law Rx on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.