Lexology March 6, 2025
Bradley Arant Boult Cummings LLP

In this final blog post in the Bradley series on the HIPAA Security Rule notice of proposed rulemaking (NPRM), we examine how the U.S. Department of Health and Human Services (HHS) Office for Civil Rights interprets the application of the HIPAA Security Rule to artificial intelligence (AI) and other emerging technologies. While the HIPAA Security Rule has traditionally been technology agnostic, HHS explicitly addresses security measures for these evolving technology advances. The NPRM provides guidance to incorporate AI considerations into compliance strategies and risk assessments.

AI Risk Assessments

In the NPRM, HHS would require a comprehensive, up-to-date inventory of all technology assets that identifies AI technologies interacting with ePHI. HHS clarifies that the Security Rule governs ePHI used in both...

Today's Sponsors

Venturous
ZeOmega

Today's Sponsor

Venturous

Continue Reading

 
Topics: AI (Artificial Intelligence), Cybersecurity, Govt Agencies, HHS, HIPAA, Technology
Related Articles:
Infographic: ECRI’s Top 10 Tech Hazards of 2026
Doctors Increasingly See AI Scribes in a Positive Light. But Hiccups Persist.
The Download: OpenAI’s plans for science, and chatbot age verification
AI Personas Of Synthetic Clients Spurs Systematic Uplift Of Mental Health Therapeutic Skills
Models that improve on their own are AI's next big thing

Share Article