Lexology January 22, 2025
Paul Hastings LLP

On December 27, 2024, the U.S. Department of Health and Human Services (HHS), through the Office for Civil Rights (OCR), announced a Notice of Proposed Rulemaking (NPRM) to amend the Security Standards for the Protection of Electronic Protected Health Information (Security Rule) under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH Act). The NPRM was later published in the Federal Register on January 6, 2025 (full text here).

According to OCR, the proposed rule comes in response to growing cyber threats impacting regulated entities, with language noting, “[b]etween 2018 and 2023, the number of breaches of unsecured PHI reported to [HHS] grew at an...

Today's Sponsors

Venturous
Got healthcare questions? Just ask Transcarent

Today's Sponsor

Venturous

Continue Reading

 
Topics: Cybersecurity, Govt Agencies, Health System / Hospital, HHS, HIPAA, Provider, Technology
Related Articles:
States grapple with mental health funding cuts
The health industry is starting to express alarm about RFK Jr.
HHS begins layoffs in chaotic fashion
Clearing The Crux: Five Paths To Achieve Health Policy Change In 2025
HHS layoffs are here

Share This Article