HIPAA Penalty Changes

January 11th, 2021 - Wyn Staheli, Director of Research
Categories:   HIPAA|PHI   Compliance  
0 Votes - Sign in to vote or comment.

One of the ongoing problems facing healthcare organizations today is HIPAA breaches. Cyber attacks are occurring with increasing regularity and placing an even greater burden on already overwhelmed healthcare providers. Regardless of how many steps you take to try and prevent breaches, they happen. Unfortunately, the HITECH provisions don’t seem to consider that healthcare organizations who have been breached are often victims themselves. Those who have followed the rules should not be penalized the same as those who have not. A new law aims to correct that situation. 

On January 5, 2021, H.R. 7898 was signed into law by President Trump. This new law modifies the HITECH Act such that when an organization experiences a breach, fines and/or penalties may be reduced if (for at least a year) they have instituted “recognized security practices” as defined within the law. Additionally, there may also be reductions in the length of an audit. It should be noted that if the covered entity was NOT in compliance with these practices, HHS can NOT increase audit lengths, fines, and penalties.

The law defines “recognized security practices” as (emphasis added):

“... standards, guidelines, best practices, methodologies, procedures, and processes developed under section 2(c)(15) of the National Institute of Standards and Technology Act, the approaches promulgated under section 405(d) of the Cybersecurity Act of 2015, and other programs and processes that address cybersecurity and that are developed, recognized, or promulgated through regulations under other statutory authorities. Such practices shall be determined by the covered entity or business associate, consistent with the HIPAA Security rule (part 160 of title 45 Code of Federal Regulations and subparts A and C of part 164 of such title)”

John Riggi, the American Hospital Association’s senior advisor for cybersecurity and risk stated that “The law provides the right balance of incentivizing voluntary, enhanced cybersecurity protocols in exchange for regulatory relief and recognition that breached organizations are victims, not the perpetrators.”

This new law is to be effective “as if included in the enactment of the 21st Century Cures Act (Public Law 114-255).” It should be noted that implementation of the 21st Century Cures Act was delayed again in relation to the COVID-19 Public Health Emergency. There are different implementation dates within the Cures Act for different provisions of the law. At the time of publication, it appears that the effective date for H.R. 7898 provisions will be April 5, 2021 when the information blocking and communication requirements take effect.

Since we are at the start of a new year, now is a great time to begin coming into compliance with HIPAA Security rules by starting with a Security Risk Assessment. You can download a free Security Risk Assessment Tool from HealthIT.gov to get started, but keep in mind that this is only one component of HIPAA Security requirements. See the References section below and innoviHealth’s Complete & Easy HIPAA Compliance publication for more information.

###

Questions, comments?

If you have questions or comments about this article please contact us.  Comments that provide additional related information may be added here by our Editors.


Latest articles:  (any category)

HIPAA Penalty Changes
January 11th, 2021 - Wyn Staheli, Director of Research
On January 5, 2021, H.R. 7898 was signed into law by President Trump. This new law modifies the HITECH Act such that when an organization experiences a breach, fines and/or penalties may be reduced if (for at least a year) they have instituted “recognized security practices” as defined within the law.
CDT and CPT - The Same but Different!
December 8th, 2020 - Christine Woolstenhulme, QCC, QMCS, CPC, CMRS
Reporting a CPT code for an evaluation of a patient is based on time and if the patient is a new or established patient. Evaluation and Management codes are different than other codes, it is important to understand how they are used, prior to 2021 they were based on a ...
How to Search Find-A-Code for Medicare Policies and Guidelines — LCDs, NCDs and Articles —
November 18th, 2020 - Raquel Shumway
Help for Searching Find-A-Code when searching for Medicare Policies and Guidelines — LCDs, NCDs and/or Articles.
Cross-A-Code Instructions in Find-A-Code
November 18th, 2020 - Raquel Shumway
Cross-A-Codeis a toll found in Find-A-Code which helps you to locate codes in other code sets that help you when submitting a claim.
COVID Vaccine Codes Announced
November 11th, 2020 - Wyn Staheli, Director of Research
On November 10, 2020, the American Medical Association (AMA) announced the addition of two new codes which will be used for the new COVID-19 vaccines along with 4 new administration codes to be used when reporting the administration of these vaccines.
Are You Aware of the 2021 Star Rating System Updates?
November 5th, 2020 - Aimee Wilcox, CPMA, CCS-P, CST, MA, MT, Director of Content
Each year the Centers for Medicare & Medicaid Services (CMS) publishes the Star Ratings System Updates for Medicare Advantage (Part C) and Medicare Prescription (Part D). This rating system was developed to help beneficiaries identify and select the health plans that best meet their needs, specifically addressing main issues:  Quality of ...
Special Needs Plans Help Beneficiaries and Risk Adjustment Reporting
October 22nd, 2020 - Aimee Wilcox, CPMA, CCS-P, CST, MA, MT, Director of Content
It is no secret that Medicare and Medicaid are steadily moving towards their goal of value-based health care. Medicare Part C (Medicare Advantage) identifies and rewards payers, and subsequently their providers, for increasing the efficiency and quality of care they provide to Medicare...



Home About Contact Terms Privacy

innoviHealth® - 62 E 300 North, Spanish Fork, UT 84660 - Phone 801-770-4203 (9-5 Mountain)

Copyright © 2000-2021 innoviHealth Systems®, Inc. - CPT® copyright American Medical Association