On January 21, 2021, the Department of Health and Human Services (HHS) published proposed modifications to the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH), discussed in a previous McGuireWoods’ post. The comment period for these proposals recently ended on May 6, 2021, and HHS received almost 1500 comments from interested stakeholders. If finalized, these proposals will require HIPAA-covered entities and business associates to implement many changes, including updates to their policies, procedures, security standards, notices of privacy practices, authorization and disclosure forms, and business associate agreements. In the age of digital targeting and ransomware, possibly the most important of these is a change to security standards.
Continue Reading As HIPAA, HITECH Undergo Modernization, NIST Seeks Comment on Security Standard Guidance