Healthcare continues to be a target for hackers due to the combination of the quality of data and the perception that healthcare organizations and their business associates often have lax security practices. But what if your organization has implemented good security practices and still has a breach?
In 2020, the Department of Health and Human Services (HHS) issued fines and penalties to seven organizations ranging from $100,000 to $6,850,000. Some of these organizations had taken reasonable and appropriate steps to protect their data and still got breached. But the fines and penalties did not always reflect the efforts taken.
In January of this year, the President signed HR7898, known as the HIPAA Safe Harbor bill, into law. The HIPAA Safe Harbor Law requires HHS to take an entity's cybersecurity practices into consideration when calculating fines. The law also required HHS to decrease the extent and length of audits if the impacted entity has met industry standard best practices related to security.
Join CompliancePoint on Thursday, September 16th at 2PM. We will review the HIPAA Safe Harbor Law and discuss what you should be doing now to protect yourself from excessive regulatory penalties.
What You'll Learn
Who Should Attend