The Department of Health and Human Services is seeking input on the security practices currently being employed by healthcare covered entities and business associates.

HHS is seeking comment on the provisions of the Health Information Technology for Economic and Clinical Health Act, enacted in 2009, which incentivizes healthcare entities to adopt strong cybersecurity practices by encouraging HHS to consider organizations' cybersecurity practices when conducting audits or administering HIPAA fines, according to an April 6 request for information.

Organizations are being asked to comment on either information or clarifications HHS's Office of Civil Rights could provide healthcare entities on implementing future security guidance or rule-making, as well as recommendations for possible methodologies on how civil monetary penalties could be shared with individuals who have been harmed by HIPAA breaches and other protected health information privacy and security violations.

The department is accepting public comment on these regulatory matters until June 6.