Security Compliance Programs for Covered Entities and Business Associates

Posted by BAS - 11 February, 2021


A new law passed in the last administration provides incentives for HIPAA covered entities and business associates to implement security compliance programs. The law provides that an entity’s security practices must be taken into account by the U.S. Department of Health and Human Services (HHS) before HHS applies penalties to the entity. If the organization can demonstrate that it had recognized security practices in place for at least the 12 months prior to the incident, HHS may mitigate fines and penalties.

“Recognized security practices” include guidelines, standards, procedures and processes developed under NIST, the Cybersecurity Act of 2015, and other statutory programs that address cybersecurity.

This new law should encourage business associates and covered entities to implement security practices and procedures based on current cybersecurity guidance.
