In a new post on the Covington Digital Health blog, our colleagues discuss the Office for Civil Rights’ (“OCR”) recently published request for information (“RFI”) seeking comment on implementing certain provisions of the Health Information Technology for Economic and Clinical Health (“HITECH”) Act. The RFI seeks input as to how covered entities and business associates are voluntarily implementing recognized security practices and on the process for distributing to harmed individuals a percentage of civil monetary penalties (“CMPs”) or monetary settlements collected pursuant to the HITECH Act. The issuance of the RFI indicates that a rulemaking or further guidance related to the HITECH Act may be forthcoming.