The U.S. Department of Health and Human Services’ Office for Civil Rights issued new guidance for “recognized security practices” for enforcing the Health Insurance Portability and Accountability Act, InfoSecurity reports. The guidance clarifies a 2021 rule added into the Health Information Technology for Economic and Clinical Health Act of 2009 which required OCR to evaluate “regulated entities’ implementation of ‘recognized security practices’" over the prior year “when the agency makes certain HIPAA enforcement determinations.”
OCR creates new guidance for HIPAA 'recognized security practices'
RELATED STORIES
Privacy in Arkansas: Is Arkansas ready for a consumer privacy law?
A view from DC: CFPB calls for states to regulate financial privacy
Notes from the IAPP Canada: OPC's WADA investigation 'raises some interesting issues'
A view from Brussels: European Commission's new tech policy center of gravity
First fine imposed under Thailand's Personal Data Protection Act
