Healthcare groups ask OCR for clarity, flexibility on HITECH cybersecurity practices

The Office for Civil Rights in the U.S. Department of Health and Human Services is seeking input on the cybersecurity provisions and penalties outlined in the Health Information Technology for Economic and Clinical Health Act. Industry groups such as HIMSS, MGMA, and the Connected Health Initiative have responded with recommendations, including the need for a unified cybersecurity approach, flexibility for ambulatory practices, and up-to-date information about HIPAA obligations. They also emphasized the importance of safeguarding patient data and not revising the HIPAA Privacy Rule to require additional disclosures.