Partners in Medicine spotlight

by David Schmeltzer, Director of Education, Abyde

We’ve all had a lot of adjusting to do over the past year, and the rules and requirements we’re expected to follow are no different. As technology and patient needs continue to evolve, it only makes sense that the standards providers uphold progress right along with it. With two new laws passed in just the first few months of 2021 and plenty more still to come, there are even more adjustments for your practice to make and new requirements to comply with.

The HIPAA Safe Harbor Law

On Jan. 5, the government officially kicked off its “new year, new law” resolution by enacting the HIPAA Safe Harbor Law. After the continued spike in cyberattacks and HIPAA enforcement seen in recent months, these new requirements came at a perfect time to provide even more incentives for keeping data secure. The HIPAA Safe Harbor Law is an amendment to the HITECH Act and requires the government to take into account whether practices have recognized cybersecurity practices in place when investigating a data breach, and to be lenient with its fines or other enforcement actions if the practice has met all the basic technical safeguard requirements at least 12 months before the incident occurred. This essentially means that if you have the right Security Rule basics down, including a properly documented security risk analysis (SRA) to identify risks and appropriate technical safeguards to mitigate your recognized threats, you’ll be able to save a lot of stress and money when or if an incident occurs.

The 21st Century Cures Act 

More recently, the new set of legislation directed by the Office of the National Coordinator for Healthcare Technology (ONC) officially took effect on April 5, bringing several advancements to health care and technology. The 21st Century Cures Act addresses a patient’s right to access their own medical records and prevents information blocking – two top concerns among providers and the catalysts to many of the latest HIPAA fines. These new requirements keep a “patients-first” focus and work to strike the balance between providing easier record access and maintaining data privacy and security.

Proposed changes to the HIPAA Privacy Rule

Now these two laws aren’t the only new requirements you need to have on your radar – the Office for Civil Rights (OCR) also proposed modifications to the HIPAA Privacy Rule that are set to be finalized in the coming months. The proposed changes are designed to address barriers to value-based health care, particularly those that limit or discourage care coordination and case management communications, as well as amend provisions of the Privacy Rule that pose “unnecessary regulatory burdens” without sufficiently improving privacy protections.

So now what? 

Wondering how these new laws impact HIPAA requirements? Spoiler alert – they don’t. All of those HIPAA requirements surrounding data privacy and security, proper PHI disclosure, and patient record access are still featured within the new legislation and should not be forgotten. Having a complete compliance program in place is the groundwork for protecting patient data, and underscores what all of these new requirements and upcoming changes entail.

We know that your practice has enough to worry about as it is, and keeping up with complex requirements in an ever-changing legislative environment is becoming increasingly difficult to manage. While having a complete compliance program is essential to avoiding a HIPAA fine, it isn’t something you have to do on your own. Schedule a complimentary one-on-one consultation with a HIPAA expert to see what your practice needs to be doing to comply with all government requirements (including the new ones we just covered) and how Abyde makes keeping up with the latest and greatest stress-free. Go to to schedule your consultation.

David Schmeltzer is the director of education for Abyde. Contact him at 727-265-2532 or
