Signed into law on January 5, 2021, Public Law 116-321 requires HHS to take into consideration certain recognized security practices of covered entities and business associates when determining potential fines, audit results, or other remedies for resolving potential violations of the HIPAA Security Rule. Dawn Morgenstern, Chief Privacy Officer and Director of Consulting Services, Clearwater, speaks with Aleksandra Vold, Partner, Baker & Hostetler LLP, about Public Law 116-321’s impact on OCR investigations, how covered entities and business associates are approaching the question of recognized security practices, and recommended frameworks for meeting the expectations of Public Law 116-321. Sponsored by Clearwater.