summary
Introduced
12/10/2019
12/10/2019
In Committee
12/11/2019
12/11/2019
Crossed Over
Passed
Dead
12/31/2020
12/31/2020
Introduced Session
116th Congress
Bill Summary
A BILL To amend the Health Information Technology for Economic and Clinical Health Act to require consideration, in certain circumstances, of whether a covered entity or business associate has adequately demonstrated that it had recognized security practices, and for other purposes. 1
AI Summary
This bill amends the Health Information Technology for Economic and Clinical Health Act to require the Secretary of Health and Human Services to consider whether a covered entity or business associate has adequately demonstrated that it had recognized security practices in place for at least the previous 12 months when making determinations related to fines, audits, or other remedies under the HIPAA Security rule. The bill defines "recognized security practices" as standards, guidelines, best practices, and other procedures developed under various federal authorities. The bill also specifies that the Secretary cannot use a lack of these recognized security practices to increase fines or the length or extent of audits, and that entities are not liable for electing not to engage in these practices, while clarifying that the Secretary's authority to enforce the HIPAA Security rule is not limited.
Committee Categories
Business and Industry, Health and Social Services
Sponsors (2)
Last Action
Referred to the Subcommittee on Health. (on 12/11/2019)
Official Document
bill text
bill summary
Loading...
bill summary
Loading...
bill summary
| Document Type | Source Location |
|---|---|
| State Bill Page | https://www.congress.gov/bill/116th-congress/house-bill/5386/all-info |
| BillText | https://www.congress.gov/116/bills/hr5386/BILLS-116hr5386ih.pdf |
| Bill | https://www.congress.gov/116/bills/hr5386/BILLS-116hr5386ih.pdf.pdf |
Loading...