Medcom Blog


The HIPAA Safe Harbor Act

The HIPAA Safe Harbor Act (H.R. 7898) was signed into law on January 5, 2021 and amended the HITECH Act. It was largely overlooked because COVID-19 has garnered most of the attention since 2020, so we are breaking down what this law says and how it affects your business.

What is it?

When a HIPAA-regulated covered entity (CE) or business associate (BA) suffers a breach, the Safe Harbor Act requires HHS to consider whether the organization can adequately demonstrate that it had recognized security practices in place for at least the preceding 12 months. HHS must weigh that as a mitigating factor, which can mean lower fines, early and favorable termination of an audit, and less severe remedies. Note that the law says HHS "shall consider" these practices; it does not guarantee any particular reduction, and it does not limit HHS's authority to enforce the Security Rule.

The Act defines "recognized security practices" by reference to section 2(c)(15) of the National Institute of Standards and Technology (NIST) Act, the authority under which the NIST Cybersecurity Framework is developed, and to the approaches promulgated under section 405(d) of the Cybersecurity Act of 2015. Adopting these practices is voluntary, but a CE or BA that wants the safe harbor benefit must be able to document that it has been following the applicable:

  • Best practices
  • Guidelines
  • Methodologies
  • Procedures
  • Processes
  • Standards

What Employers Need to Do

The foundation for this is the HIPAA Security Rule's risk analysis requirement: a covered entity must have completed an accurate and thorough risk assessment and implemented security measures that reduce the identified risks and vulnerabilities to a reasonable and appropriate level. That is a standing Security Rule obligation regardless of the safe harbor, and it is also the first thing HHS will look at when deciding whether recognized security practices were actually in place.

Employers that sponsor self-funded health plans need to get on board, because group health plans are covered entities in their own right. The first step is to complete an accurate and thorough risk assessment and then manage the identified risks on an ongoing basis.

How Medcom Can Help

Did you know that Medcom Benefit Solutions can walk you through a risk assessment, establish your level of risk, and provide a risk management plan tailored specifically to self-funded health plans? It only takes 2-3 hours!

HIPAA compliance is crucial to the success and longevity of your business, but there are numerous rules and regulations employers need to navigate. Not only do you have to read and understand all of HIPAA's rules, but your company also has to develop policies and procedures for handling PHI, train your workforce on those policies, and communicate them clearly to all of your business associates. We offer other solutions to take the stress off of you, including:

  • Completion of Client Orientation & Implementation Conference Call
  • HIPAA Privacy & Security Training
  • Preparation & Delivery of Privacy Policies
  • Risk Assessment via our proprietary software
  • Final Risk Assessment Report and Risk Management Plan
  • Ongoing Consultation & Support via Medcom’s Help Desk

For more information, do not hesitate to contact us at or (800) 523-7542.

To stay up to date with all the latest HIPAA and other employee benefit news, follow us on Facebook, Twitter, and LinkedIn.