The OCR Releases Video on Recognized Security Practices Under HITECH

In recognition of National Cybersecurity Awareness Month the OCR produced a video for organizations covered under the HIPAA Rules on ‘Recognized Security Practices.’ Recommended security practices can help your organization improve your ability to safeguard patient and client information from cyberattacks and better safeguard the health care services we all rely upon.  

In January 2021 Congress amended the HITECH Act. Section 13412 of the HITECH Act requires OCR to take into consideration in certain Security Rule enforcement and audit activities whether a regulated entity has adequately demonstrated that recognized security practices were “in place” for the prior 12 months. 

The video presentation is intended to educate the health care industry on the categories of recognized security practices and how covered entities and business associates (organizations regulated under the HIPAA Rules) may demonstrate implementation. The topics included in the video presentation are:

  • The 2021 HITECH Amendment regarding recognized security practices
  • How regulated entities can demonstrate that recognized security practices are in place
  • Details the evidence of recognized security practices that may be requested by OCR in the event of a HIPAA Security Rule investigation or audit
  • Where to find more information about recognized security practices
  • Provides answers to a selection of questions submitted to OCR in June 2022 on recognized security practices

The video presentation may be found on OCR’s YouTube channel at: https://youtu.be/e2wG7jUiRjE

Please take time to review the video and consider how your organization is using Recommended Security Practices. Implementing Recommended Security Practices mitigate actions the OCR takes when performing an audit or investigation.

Leave a Reply