Lexology January 2, 2025
Hunton Andrews Kurth LLP

On December 27, 2024, the U.S. Department of Health and Human Services’ (“HHS”) Office for Civil Rights (“OCR”) announced a Notice of Proposed Rulemaking (“NPRM”) to update the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) Security Rule. The NPRM is intended to strengthen cybersecurity protections for electronic protected health information (“ePHI”) in light of increasing cybersecurity threats to the health care sector.

The NPRM, among other items, proposes requiring covered entities and business associates to implement the following security measures:

  • Encrypt ePHI at rest and in transit, with limited exceptions;
  • Use multi-factor authentication (MFA), with limited exceptions;
  • Implement network segmentation;
  • Create written documentation of all Security Rule policies, procedures, plans, and analyses;
  • Within 24 hours of a...

Topics: Cybersecurity, Govt Agencies, Health System / Hospital, HHS, HIPAA, Provider, Technology