Thursday, January 14, 2021 On January 5, 2020, President Trump signed into law H.R. 7898. This new statute amends the Health Information Technology for Economic and Clinical Health (HITECH) Act to require the Department of Health and Human Services (HHS) to consider efforts by HIPAA covered entities and business associates to implement “recognized security practices” when assessing fines or penalties under the HIPAA Security Rule. The statute provides that if a HIPAA covered entity or business associate can demonstrate compliance for the previous twelve months with “recognized security practices,” then that entity may benefit in the following scenarios: 1. mitigation of fines related to a HHS investigation resulting from a security incident;