HITRUST Says Healthcare’s Anti-Kickback Laws Should Have an Exemption for Cybersecurity Software and Services

February 20, 2017
746 Views

In a letter this week, HITRUST asked the Senate HELP Chairman Lamar Alexander to consider an exemption to the Stark Law for the donation or subsidization of security software.

HITRUST asserted that healthcare entities, particularly doctors’ offices, are often poorly prepared to defend themselves from hackers. But if they could receive help from larger hospital systems, that could change.

“Small, ill-equipped practices are vulnerable to security breaches, which can ultimately infiltrate the larger healthcare environment through the exchange of patient data,” wrote Dan Nutkis, chief executive of HITRUST. “Again, we need to empower physician practices to actively manage their security posture, not hinder them.”

It should be noted, however, that such help, in the form of software or other technology and management help, could be misinterpreted as a kickback under the Stark Law, which aims to prevent referrals between doctors who have a business relationship.

The Stark Law governs physician self-referral for Medicare and Medicaid patients and serves as a stringent barrier against fraud and abuse amongst healthcare providers.

View the HITRUST Stark Exception Congressional Letter

Share this with your friends...Share on Google+Tweet about this on TwitterShare on LinkedInEmail this to someone

You may be interested

HITRUST® Grows Its Privacy Controls and Activities
Privacy
shares474 views
Privacy
shares474 views

HITRUST® Grows Its Privacy Controls and Activities

Lacy Deatrich - Jun 05, 2019

By Natalie Leutwyler, Lead Privacy Analyst, and Anne Kimbol, Chief Privacy Officer Recently a number of important privacy initiatives and…

HITRUST’s Contribution to Healthcare’s New ‘Network of Networks’
Security
shares1110 views
Security
shares1110 views

HITRUST’s Contribution to Healthcare’s New ‘Network of Networks’

Lacy Deatrich - May 17, 2019

HITRUST’s Role in the New Trusted Exchange Framework and Connected Agreement (TEFCA) By Anne Kimbol, Chief Privacy Officer, HITRUST The…

HITRUST’s Shared Responsibility Working Group Ensuring Efficient Operation of Security Controls for Customer of Cloud Services and Cloud Providers
Compliance & Risk Management
shares558 views
Compliance & Risk Management
shares558 views

HITRUST’s Shared Responsibility Working Group Ensuring Efficient Operation of Security Controls for Customer of Cloud Services and Cloud Providers

Lacy Deatrich - May 09, 2019

By Matthew Datel, Director of Education and Strategic Initiatives and Becky Swain, Director, Standards Development, HITRUST Since September 2018, the…