Considerations for Implementing the Health Information Technology for Economic and Clinical Health (HITECH) Act, as Amended: Request for Information, 45 CFR Part 164, Federal Register, v.87, n.66, April 6, 2022, pp.19833-19839, https://www.govinfo.gov/content/pkg/FR-2022-04-06/pdf/2022-07210.pdf.
” SUMMARY: The Office for Civil Rights (OCR) at the United States Department of Health and Human Services (HHS or the Department) is issuing this Request for Information (RFI) to solicit public comment on certain provisions of the Health Information Technology for Economic and Clinical Health (HITECH) Act, namely: The consideration of recognized security practices of covered entities and business associates when OCR makes determinations regarding fines, audits, and remedies to resolve potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule; and the distribution to harmed individuals of a percentage of civil money penalties (CMPs) or monetary settlements collected pursuant to the HITECH Act, which requires the Secretary of HHS (Secretary) to establish by regulation, and based upon recommendations from the Government Accountability Office (GAO), a methodology under which an individual who is harmed by an act that constitutes an offense under certain provisions of the HITECH Act or the Social Security Act relating to privacy or security may receive a percentage of any CMP or monetary settlement collected by OCR with respect to such offense.”