Lexology January 22, 2025
Paul Hastings LLP

On December 27, 2024, the U.S. Department of Health and Human Services (HHS), through the Office for Civil Rights (OCR), announced a Notice of Proposed Rulemaking (NPRM) to amend the Security Standards for the Protection of Electronic Protected Health Information (Security Rule) under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH Act). The NPRM was later published in the Federal Register on January 6, 2025 (full text here).

According to OCR, the proposed rule comes in response to growing cyber threats impacting regulated entities, with language noting, “[b]etween 2018 and 2023, the number of breaches of unsecured PHI reported to [HHS] grew at an...

Today's Sponsors

Venturous
Got healthcare questions? Just ask Transcarent

Today's Sponsor

Venturous

Continue Reading

 
Topics: Cybersecurity, Govt Agencies, Health System / Hospital, HHS, HIPAA, Provider, Technology
Related Articles:
DOGE cuts at health agencies prompt 'brain drain' fears
Federal health, research firings draw alarm: ‘Every American should be outraged’
Inside RFK Jr.’s health department takeover
STAT+: Pharmalittle: We’re reading about RFK Jr. targeting CDC and FDA advisers, a Pfizer gene therapy, and more
5 Key Health Care Moments During President Trump's First Month Back in Office

Share This Article