An amendment to the Health Information Technology for Economic and Clinical Health Act (HITECH) enacted on January 5, 2021 provides incentive for a covered entity under the Health Insurance Portability and Accountability Act (HIPAA), or a covered entity’s business associates, to adopt recognized security practices. H.R. 7898, enacted as P.L. 116-321, states that the Secretary of the Department of Health and Human Services shall consider whether the covered entity or business associate has adopted recognized security practices, that may mitigate fines or other remedies imposed for HIPAA security violations, or favorable termination of a HIPAA security audit. Recognized security practices are standards, guidelines and best practices developed by the National Institute of Standards & Technology (NIST) or other regulatory guidelines for cybersecurity.