By Mike Semel, president of Semel Consulting
A new federal law plans to reward HIPAA covered entities and business associates for implementing the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF).
The law provides ‘safe harbor’ from HIPAA data breach penalties and allows audits to be terminated early if an organization can demonstrate that it has implemented the government-recognized cybersecurity program for the previous 12 months.
The new regulations for HIPAA, HR 7898, were signed into law on January 5, 2021, but will need to go through rule-making processes before they take effect. However, because the mandate requires regulators to confirm that an organization’s cybersecurity programs have been in effect for the previous 12 months, covered entities and business associates can start implementing the controls now to take advantage of the reduced risk of fines and audits.