Just when it seemed impossible to avoid penalties for highly sophisticated and unavoidable cybersecurity breaches, a new bill known as the HIPAA Safe Harbor has come into effect. HIPAA’s overbearing standards have made it difficult for covered entities and businesses to follow the proper procedures. And in recent times, even organizations with industry-standard best security practices have experienced cybersecurity breaches.
This is certainly discouraging for entities that believe best security practices make their defenses impenetrable. Some healthcare entities may lack the proper tools and resources to establish a rock-solid compliance program. Nevertheless, the passing of the HIPAA Safe Harbor bill will certainly encourage more entities to increase their investment in cybersecurity to meet HIPAA requirements.
The healthcare industry has long been plagued by cybersecurity incidents. Even the best cybersecurity practices and measures implemented by organizations have proved futile against highly sophisticated cyberattacks. From January to November 2020, 79% of data breaches were reported to be connected to cybersecurity. What’s more, cyberattacks have increased by 45% in the last three months, from November 2020 to January 2021.
Should organizations just give up and accept fines for experiencing breaches? Well, not anymore. The recent news of passing this bill has sent shockwaves across the country. Why? Let’s see what the HIPAA Safe Harbor bill means.
What is the HIPAA Safe Harbor Bill?
On January 5, President Donald Trump officially signed the HIPAA Safe Harbor Bill (HR 7898) into law. The bill amended the HITECH Act to require the Department of Health and Human Services (HHS) to incentivize entities for adopting best-practice cybersecurity and meeting HIPAA requirements.
The HIPAA Safe Harbor bill was introduced to protect organizations that have been exploited by cybercriminals. The government saw that even the most security-conscious organizations are struggling to defend against cyberattacks. And what did the Office for Civil Rights (OCR) do? The OCR kept issuing and increasing fines and penalties against these organizations. Therefore, with the backing of the House Energy and Commerce Committee, the proposed HIPAA Safe Harbor bill finally became law.