Blog Post

Must Watch Summer Viewing Coming Soon: OCR’s Upcoming Video Presentation on the HITECH Act’s Recognized Security Practices

June 14, 2022

By Elizabeth F. Hodge

The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced June 10, 2022, that it is producing a video presentation on “recognized security practices” as set forth in the recent amendment of the Health Information Technology for Economic Health Act (HITECH Act) and is seeking questions from the public that OCR could address during the presentation. The video is expected to be available for viewing this summer and will be welcomed by those covered entities and business associates as the statutory amendment is short on details about how OCR will implement the new provisions.

The HITECH Act now requires OCR to consider in certain Security Rule enforcement and audit activities whether a covered entity or business associate (a regulated entity) has adequately demonstrated that it had recognized security practices in place for the prior twelve months. Regulated entities that can demonstrate to OCR that they have had recognized security practices in place for the prior twelve months may qualify for mitigation of fines and other remedial measures.

In addition to the upcoming video presentation, OCR recently issued a Request for Information (RFI) regarding the “recognized security practices.” See our previous Health Law Rx blog on the RFI comment period for the RFI closed June 6, 2022.

Pending further regulatory activity, OCR is asking interested parties to submit questions to be addressed during its video presentation. According to OCR’s email announcement, the video presentation is intended to “educate regulated entities on the categories of recognized security practices and how entities may demonstrate implementation.” OCR plans to address these topics in the video:

  • The 2021 HITECH Act amendment regarding recognized security practices;
  • How regulated entities can adequately demonstrate that they have recognized security practices in place;
  • How OCR is requesting evidence of recognized security practices;
  • Resources for more information about recognized security practices; and
  • OCR’s recent RFI on recognized security practices.

Regulated entities that want to submit questions must act quickly by emailing OCR at [email protected] no later than Friday, June 17, 2022. Covered entities and business associates should also watch for an announcement from OCR with the release date of the video. In the meantime, regulated entities should begin implementing recognized security practices, if they have not already done so, and assess how they can document that such practices are in place and operational.

This information is intended to inform firm clients and friends about legal developments, including recent decisions of various courts and administrative bodies. Nothing in this Practice Update should be construed as legal advice or a legal opinion, and readers should not act upon the information contained in this Practice Update without seeking the advice of legal counsel. Prior results do not guarantee a similar outcome.

Related People

Related Work

Related Offices

Health Law Rx

Akerman Perspectives on the Latest Developments in Healthcare Law

Visit this Akerman blog

People
Perspectives
Work
Firm
Vision
700+ Lawyers
24 Offices
To navigate our site
To search our site

Welcome to our new site

Click anywhere to enter