
What the HIPAA Safe Harbor Law Means for Medical Practices

April 14th, 2021 by William Wentowski


This January, the HIPAA Safe Harbor Bill became law, and it's changing how all medical practices and healthcare organizations need to approach their cybersecurity. Here's what the law does and how it can affect your business:

HIPAA Safe Harbor Law

This new law requires that the Department of Health and Human Services (HHS) take into consideration whether "recognized cybersecurity practices" had been implemented during the previous 12 months when investigating data breaches. The government has recognized that even organizations that implemented best security practices over the past year may not have been able to prevent a cyberattack. As a result, HHS now takes the following factors into account:

  • Cybersecurity measures in place must be considered when calculating fines, rather than issuing disciplinary actions and penalties for an unpreventable attack.
  • If it is determined that the impacted entity meets industry-standard best security practices, HHS is required to decrease the extent and length of an audit.
  • Organizations found not to be in compliance with the NIST guidelines or the Cybersecurity Act of 2015 cannot have their fines or audit lengths increased.

What It Means for You

This law means more lenience regarding fines or other enforcement actions following cyberattacks for health care organizations. However, this only applies if your practice has met all the basic technical safeguard requirements. You have to be able to demonstrate that industry-standard security measures were implemented for 12 months to be covered by the law; otherwise, the fine you receive will still be rather heavy if a data breach occurs.

How BTS Can Help

How can your business get protection that meets the "recognized cybersecurity practices" requirements of the HIPAA Safe Harbor Law? BTS offers cybersecurity solutions for medical practices that specifically meet the National Institute of Standards and Technology (NIST) Framework this law requires. Unlike competitors who break up their offerings into multiple pieces, we offer a holistic approach to cybersecurity.

Contact BTS Today to Learn More…
