Lexology January 2, 2025
Hunton Andrews Kurth LLP

On December 27, 2024, the U.S. Department of Health and Human Services’ (“HHS”) Office for Civil Rights (“OCR”) announced a Notice of Proposed Rulemaking (“NPRM”) to update the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) Security Rule. The NPRM is intended to strengthen cybersecurity protections for electronic protected health information (“ePHI”) in light of increasing cybersecurity threats to the health care sector.

The NPRM, among other items, proposes requiring covered entities and business associates to implement the following security measures:

  • Encrypt ePHI at rest and in transit, with limited exceptions;
  • Use multi-factor authentication (MFA), with limited exceptions;
  • Implement network segmentation;
  • Create written documentation of all Security Rule policies, procedures, plans, and analyses;
  • Within 24 hours of a...

Today's Sponsors

LEK
ZeOmega

Today's Sponsor

LEK

Continue Reading

 
Topics: Cybersecurity, Govt Agencies, Health System / Hospital, HHS, HIPAA, Provider, Technology
Related Articles:
Healthcare CIOs Prepare For HIPAA Update
5 healthcare positions of RFK Jr.
Trump’s chronic disease divide
HHS proposes HIPAA update to boost healthcare cybersecurity
HHS Proposes Rule to Bolster Cybersecurity Standards for Electronic Patient Data

Share This Article