H.R. 7898, signed into law on January 5, 2021, addresses the recognition of security practices and amends the HITECH Act – kind of.
As the hockey great Wayne Gretzky relayed, “I skate to where the puck is going to be, not where it has been.”
These words were relayed to Gretzky by his father, and they are equally applicable to cybersecurity management – look to the future to stay ahead of the curve. An article that I recently read mentioned “four lines of sight” that should be used throughout a business cycle:
Let’s apply these concepts to H.R. 7898, which was signed into law on January 5, 2021, addresses the recognition of security practices, and amends the HITECH Act – kind of.
H.R. 7898 amended the HITECH Act (42 U.S.C. §17931, et seq.) by adding Section 13412:
(a) In General.—Consistent with the authority of the Secretary under sections 1176 and 1177 of the Social Security Act, when making determinations relating to fines under such section 1176 (as amended by section 13410) or such section 1177, decreasing the length and extent of an audit under section 13411, or remedies otherwise agreed to by the Secretary, the Secretary shall consider whether the covered entity or business associate has adequately demonstrated that it had, for not less than the previous 12 months, recognized security practices in place that may—
(b) Definition And Miscellaneous Provisions.—
The express language of the amendments highlights the nexus between the recognized security practices, NIST, and HIPAA. If we harken back to the Final Omnibus Rule (78 Fed. Reg. 5566, 5575, 5647 (Jan. 25, 2013)), NIST is mentioned, along with HIPAA and the HITECH Act. If organizations had applied the four concepts above to HIPAA and cybersecurity compliance, perhaps the following would have been gleaned:
In cybersecurity, as in life, a holistic approach, which includes reflecting on the past, being present today, and looking ahead to anticipate changes, trends, and threats, should be utilized. Failing to see “where the puck is going” can result in a losing strategy and increased risk for non-compliance with HIPAA and the HITECH Act.
Rachel V. Rose, JD, MBA, advises clients on compliance and transactions in healthcare, cybersecurity, corporate and securities law, while representing plaintiffs in False Claims Act and Dodd-Frank whistleblower cases. She also teaches bioethics at Baylor College of Medicine in Houston. Rachel can be reached through her website, www.rvrose.com.