What the HIPAA Safe Harbor Law Means for Medical Practices

April 14th, 2021 by Brian Wakefield

This January, the HIPAA Safe Harbor Bill became law, and it's changing how all medical practices and healthcare organizations need to approach their cyber security. Here's what the law does and how it can affect your business:

HIPAA Safe Harbor Law

This new law requires that the Department of Health and Human Services (HHS) take into consideration whether "recognized cyber security practices" have been implemented in the past 12 months when investigating data breaches. The government has realized that even organizations implementing the best security practices last year could not prevent a cyberattack. As a result, the HHS now takes the following factors into account:

  • Cyber security measures must be considered when calculating fines rather than issuing disciplinary actions and penalties for an unpreventable attack.
  • If it's determined that the impacted entity meets the industry-standard best security practices, HHS is required to decrease the extent and length of an audit.
  • Organizations found not to be in compliance with the NIST guidelines or the Cybersecurity Act of 2015 cannot have fines or audit lengths increased.

What It Means for You

This law means more lenience regarding fines or other enforcement actions following cyberattacks for healthcare organizations. However, this only applies if your practice has met all the basic technical safeguard requirements. You have to be able to demonstrate that industry-standard security measures were implemented for 12 months to be covered by the law; otherwise, the fine you receive will still be rather heavy if a data breach occurs.

How BTS Can Help

How can your business get the protection that meets the "recognized cyber security practices" requirements for the HIPAA Safe Harbor Law? BTS offers cyber security solutions for medical practices that specifically meet the National Institute of Standards and Technology (NIST) Framework this law requires. Unlike competitors who break up their offerings into multiple pieces, we offer a holistic approach to cyber security.

Contact BTS Today to Learn More…
