The Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) has unveiled a Notice of Proposed Rulemaking (NPRM) to modify the HIPAA Security Rule in an effort to bolster cybersecurity protections for electronic protected health information (ePHI).
The proposed changes aim to address the growing cybersecurity threats facing the healthcare sector by updating and strengthening compliance standards.
The HIPAA Security Rule, first established in 1996, sets national requirements for safeguarding ePHI, applying to covered entities such as health plans, healthcare clearinghouses, most healthcare providers, and their business associates.
Building on the Biden Administration’s commitment to protecting critical infrastructure, this proposal introduces significant revisions to improve the healthcare industry’s resilience against cyberattacks.
The proposed rule aligns with broader federal efforts, including the National Cybersecurity Strategy, initially launched by the Biden-Harris Administration in 2023 and updated in May 2024.
HHS also released the Healthcare Sector Cybersecurity Concept Paper in 2023,…
