OCR Releases Video Guidance on Recognized Security Practices for National Cybersecurity Awareness Month

On October 31, 2022, the U.S. Department of Health and Human Services Office of Civil Rights provided guidance titled “OCR Releases New Recognized Security Practices Video.” This guidance is not only a must-read for all healthcare “covered entities,” especially small and midsize organizations, but it is also excellent advice for all organizations, healthcare and non-healthcare alike. The full version is reproduced below:


OCR Releases New Recognized Security Practices Video

October 31, 2022

In recognition of National Cybersecurity Awareness Month, OCR has produced a new video this October for organizations covered under the HIPAA Rules on Recognized Security Practices. Recommended security practices can help organizations improve their ability to safeguard patient information from cyberattacks and better safeguard the health care services we all rely upon. Section 13412 of the HITECH Act requires OCR to take into consideration in certain Security Rule enforcement and audit activities whether a regulated entity has adequately demonstrated that recognized security practices were “in place” for the prior 12 months.

This presentation is intended to educate the health care industry on the categories of recognized security practices and how entities regulated under the HIPAA Rules may demonstrate implementation. Topics include:

  • The 2021 HITECH Amendment regarding recognized security practices
  • How regulated entities can demonstrate that recognized security practices are in place
  • Details the evidence of recognized security practices that may be requested by OCR in the event of a HIPAA Security Rule investigation or audit
  • Where to find more information about recognized security practices
  • Provides answers to a selection of questions submitted to OCR in June 2022 on recognized security practices

The video presentation may be found on OCR’s YouTube channel at: https://youtu.be/e2wG7jUiRjE


Original source: https://www.hhs.gov/hipaa/for-professionals/security/guidance/index.html

Published by Shawn E. Tuma

Shawn Tuma is an attorney who is internationally recognized in cybersecurity, computer fraud and data privacy law, areas in which he has practiced for nearly two decades. He is a Partner at Spencer Fane, LLP where he regularly serves as outside cybersecurity and privacy counsel to a wide range of companies from small to midsized businesses to Fortune 100 enterprises. You can reach Shawn by telephone at 972.324.0317 or email him at stuma@spencerfane.com.
