December 30, 2024

HHS Office for Civil Rights Proposes Measures to Strengthen Cybersecurity in Health Care Under HIPAA

Foley Hoag LLP - Security, Privacy and the Law

+ Follow Contact

Send

Embed

Foley Hoag LLP - Security, Privacy and the Law

The Department of Health and Human Services (HHS) has proposed significant modifications to the HIPAA Security Rule and the HITECH Act in an attempt to strengthen cybersecurity protections for electronic protected health information (ePHI). This proposed rulemaking represents a significant update to HIPAA cybersecurity standards, aiming to address modern threats and technological advancements in healthcare. According to HHS, the proposed rule, for which HHS is accepting comments until early March, would clarify and provide more specific instruction about what entities and their business associates would have to do to protect health information. Key aspects of the proposed regulations include:

Proposed Changes

Updating Definitions: The proposal clarifies and adds new definitions for terms like "access," "authentication," "multi-factor authentication," and "vulnerability" to reflect current cybersecurity concepts.
Strengthening Administrative Safeguards: HHS aims to enhance requirements for risk analysis, risk management, and workforce security measures.
Enhancing Physical Safeguards: The proposal includes updates to physical security measures for protecting ePHI and associated systems.
Improving Technical Safeguards: New provisions focus on strengthening access controls, audit controls, and transmission security.
Organizational Requirements: The proposal updates standards for business associate contracts and group health plan requirements.

Rationale and Context

Evolving Healthcare Environment: HHS cites significant changes in healthcare delivery and technology since the Security Rule was last revised in 2013.
Increasing Cybersecurity Threats: The proposal responds to alarming growth in data breaches and cyberattacks affecting the healthcare sector.
Critical Infrastructure Protection: The changes align with the designation of healthcare as a critical infrastructure sector by the President.

A fact sheet on the HIPAA Security Rule NPRM is available at: https://www.hhs.gov/hipaa/for-professionals/security/hipaa-security-rule-nprm/factsheet.

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations. Attorney Advertising.

Written by:

Foley Hoag LLP - Security, Privacy and the Law

Contact + Follow

Colin Zick

+ Follow

less

PUBLISH YOUR CONTENT ON JD SUPRA NOW

Increased visibility
Actionable analytics
Ongoing guidance

Learn More

Published In:

Business Associates

+ Follow

Comment Period

+ Follow

Covered Entities

+ Follow

Cybersecurity

+ Follow

Department of Health and Human Services (HHS)

+ Follow

Electronic Protected Health Information (ePHI)

+ Follow

Health Insurance Portability and Accountability Act (HIPAA)

+ Follow

HIPAA Security Rule

+ Follow

HITECH Act

+ Follow

NPRM

+ Follow

OCR

+ Follow

Popular

+ Follow

Privacy Laws

+ Follow

Proposed Rules

+ Follow

Regulatory Requirements

+ Follow

Rulemaking Process

+ Follow

Health

+ Follow

Privacy

+ Follow

Science, Computers & Technology

+ Follow

less

Foley Hoag LLP - Security, Privacy and the Law on:

HHS Office for Civil Rights Proposes Measures to Strengthen Cybersecurity in Health Care Under HIPAA

Latest Posts

Written by:

PUBLISH YOUR CONTENT ON JD SUPRA NOW

Published In:

Foley Hoag LLP - Security, Privacy and the Law on:

"My best business intelligence, in one easy email…"