The Department of Health and Human Services' Office for Civil Rights is seeking comments on implementing recognized security practices, determining compensable "harm," and sharing settlement amounts related to HIPAA/HITECH violations.
Alysa Austin and Lance Taubin discuss OCR expectations for implementing recognized security practices, the steps covered entities should be taking now, what should constitute a compensable "harm," and payment methodologies to determine settlement sharing.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.