Legislation Requires HHS to Consider Entities' Cybersecurity Practices in Enforcing HIPAA | Practical Law
Congress has passed and the President has signed legislation that amends the Health Information Technology for Economic and Clinical Health Act (HITECH Act) to require the Department of Health and Human Services (HHS), in enforcing the Health Insurance Portability and Accountability Act of 1996 (HIPAA), to consider whether HIPAA covered entities (CEs) or business associates (BAs) have implemented and applied certain recognized security practices—including with regard to cybersecurity (Pub. L. No. 116-321 (Jan. 5, 2021); H.R. 7898).