Lexology January 2, 2025
Hunton Andrews Kurth LLP

On December 27, 2024, the U.S. Department of Health and Human Services’ (“HHS”) Office for Civil Rights (“OCR”) announced a Notice of Proposed Rulemaking (“NPRM”) to update the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) Security Rule. The NPRM is intended to strengthen cybersecurity protections for electronic protected health information (“ePHI”) in light of increasing cybersecurity threats to the health care sector.

The NPRM, among other items, proposes requiring covered entities and business associates to implement the following security measures:

  • Encrypt ePHI at rest and in transit, with limited exceptions;
  • Use multi-factor authentication (MFA), with limited exceptions;
  • Implement network segmentation;
  • Create written documentation of all Security Rule policies, procedures, plans, and analyses;
  • Within 24 hours of a...

Today's Sponsors

LEK
ZeOmega

Today's Sponsor

LEK

Continue Reading

 
Topics: Cybersecurity, Govt Agencies, Health System / Hospital, HHS, HIPAA, Provider, Technology
Related Articles:
Trump and primary care: Best ways to Make America Health Again
HHS job cuts mount: 5 notes
President Trump Establishes Make America Healthy Again Commission: Implications for Life Science, Journal Publications and Continuing Healthcare Education
Opinion: HHS’ national health security division must be preserved
Pharma and medtech industry reacts to FDA, CDC and NIH job cuts

Share This Article