HIPAA Safe Harbor Law Fast Facts

  • Effective January 5, 2021.
  • New considerations for Covered Entities and Business Associates when conducting audits or investigations that might result in fines.
  • The bill recognizes organizations with a HITRUST Certification for doing the right thing.
  • Demonstrating compliance with the HIPAA Security Rule.

HIPAA Safe Harbor Security Practices

  • The bill defines 'Recognized Security Practices' as "standards, guidelines, best practices, methodologies, procedures, and processes developed under section 2(c)(15) of the NIST Act, the approaches promulgated under section 405(d) of the Cybersecurity Act of 2015."
  • Aim is to reduce potential sanctions, penalties, and the length of audits when cybersecurity best practices are followed.
  • HITRUST believes the legislation will encourage healthcare organizations to take a more proactive approach to HIPAA compliance.
  • HITRUST Certifications are recognized for protecting healthcare data.
  • NIST Informative References in version 1.1 of the NIST Cybersecurity Framework document include CIS CSC, COBIT, ISA 62443-2-1 and 62443-3-3, ISO/IEC 27001, and NIST SP 800-53.
  • NIST Online Informative Reference (OLIR) Catalog contains Informative References such as NIST IR 8286, NIST SP 800-171, NIST SP 800-181, and the HITRUST CSF.