
A Close Look at HHS' Cyber Donation 'Safe Harbor' Proposals

Regulatory Attorney Julie Kass Analyzes the Proposed Rules

Two rules proposed by federal regulators could provide significant help to strengthen cybersecurity in the healthcare ecosystem, says regulatory attorney Julie Kass of the law firm Baker Donelson.

In October, the Department of Health and Human Services issued the proposed rules creating "safe harbors" that would permit hospitals to donate certain cybersecurity software and services to physicians (see HHS Proposes Allowing Cybersecurity Donations to Doctors).

The moves would modify the so-called Stark Law and federal anti-kickback regulations. HHS is collecting public comments on its proposals until Dec. 31.

"These are very broad exceptions that would allow a hospital to make a donation - not monetary - for cybersecurity technology or related services," Kass explains in an interview with Information Security Media Group.

Managing Risk

Regulators are proposing the rules because HHS has been hearing from healthcare industry stakeholders "that there is a lot of protected health information that flows back and forth and within the healthcare ecosystem ... and a lot of risk related to cyberattacks that originate with what the government calls 'weak links'," she says.

"Physician offices are usually less technologically savvy than large hospitals - and that's why you're seeing [the need for] these donations to be given from the hospitals to the physicians - so that it protects the ecosystem."

In the interview, Kass also discusses:

  • The kinds of cybersecurity technology and services that likely would be covered by the safe harbors and why donations of hardware are currently excluded in the proposals;
  • How the cybersecurity donation proposals fit in with the HITECH Act, which provided financial incentives for the adoption of certified electronic health records;
  • The pros and cons - including potential liability issues - if these new proposed cybersecurity donation safe harbors and exceptions are approved;
  • HHS enforcement trends looking ahead.

Kass, co-chair of law firm Baker Donelson's health law group, is a regulatory attorney with a practice that encompasses a range of services. She has experience related to the fraud and abuse aspects of Medicare and Medicaid, including the Stark and anti-kickback laws.
