Lexology January 2, 2025
Hunton Andrews Kurth LLP

On December 27, 2024, the U.S. Department of Health and Human Services’ (“HHS”) Office for Civil Rights (“OCR”) announced a Notice of Proposed Rulemaking (“NPRM”) to update the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) Security Rule. The NPRM is intended to strengthen cybersecurity protections for electronic protected health information (“ePHI”) in light of increasing cybersecurity threats to the health care sector.

The NPRM, among other items, proposes requiring covered entities and business associates to implement the following security measures:

  • Encrypt ePHI at rest and in transit, with limited exceptions;
  • Use multi-factor authentication (MFA), with limited exceptions;
  • Implement network segmentation;
  • Create written documentation of all Security Rule policies, procedures, plans, and analyses;
  • Within 24 hours of a...

Today's Sponsors

Venturous
ZeOmega

Today's Sponsor

Venturous

Continue Reading

 
Topics: Cybersecurity, Govt Agencies, Health System / Hospital, HHS, HIPAA, Provider, Technology
Related Articles:
STAT+: 9 influencers shaping health information online, for better or worse
Charted: Where measles is surging (again)
Flu Season Is a Stress Test. Our Healthcare System Keeps Failing.
SAMHSA Announces $231M Funding for 988 Suicide and Crisis Lifeline Expansion
Opinion: Our podcast ‘Why Should I Trust You?’ connects MAHA and public health. Here’s what we’ve learned

Share Article