Journal of Healthcare Risk Management: Richard Sheinis on the HIPAA Safe Harbor Law
In a Journal of Healthcare Risk Management article about the HIPAA Safe Harbor Law, under which HIPAA-covered entities and their business associates receive certain protections when potentially facing fines and other penalties under HIPAA, Richard Sheinis, Partner and Leader of the Data Privacy & Cyber Security Service Area at Hall Booth Smith, said the law can only be introduced after a data breach has occurred.
According to Richard, the entity also should be aware that simply complying with the HIPAA Security Rule likely will not be sufficient to meet the standard of recognized security practices: “Meeting the standard of recognized security practices is not easy and is not done quickly. Rather, it takes a great amount of coordination by the entity’s IT professional to demonstrate in writing that the standards have been met,” he said.
“Keep in mind that this safe harbor does not provide automatic immunity from a finding that a security breach occurred or that a penalty should be imposed. However, it can serve as an aid after the fact, to reduce the likelihood or amount of a penalty.”
The Safe Harbor Law is an incentive for entities to improve their security practices, he said. However, even if this standard is met, an entity still can be penalized for a security breach.
Subscribers may read the full article on the Journal of Healthcare Risk Management site.