
Explaining the HIPAA Safe Harbor Act

Thank you to Danielle McKinley of PCI HIPAA

The HIPAA Safe Harbor Act amends Subtitle D of the Health Information Technology for Economic and Clinical Health (HITECH) Act to require the Department of Health and Human Services (HHS) to consider whether organizations have “recognized cybersecurity practices” in place when investigating a data breach, and to be lenient with its fines or other enforcement actions if the practice has met all basic technical safeguard requirements.

This means that if a health care provider is following the basic HIPAA Privacy Rule provisions and safeguards to mitigate threats, the fine for a data breach should be lower.

Source: Explaining the HIPAA Safe Harbor Act