Lexology January 22, 2025
Paul Hastings LLP

On December 27, 2024, the U.S. Department of Health and Human Services (HHS), through the Office for Civil Rights (OCR), announced a Notice of Proposed Rulemaking (NPRM) to amend the Security Standards for the Protection of Electronic Protected Health Information (Security Rule) under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH Act). The NPRM was later published in the Federal Register on January 6, 2025 (full text here).

According to OCR, the proposed rule comes in response to growing cyber threats impacting regulated entities, with language noting, “[b]etween 2018 and 2023, the number of breaches of unsecured PHI reported to [HHS] grew at an...

Today's Sponsors

LEK
ZeOmega

Today's Sponsor

LEK

 
Topics: Cybersecurity, Govt Agencies, Health System / Hospital, HHS, HIPAA, Provider, Technology
STAT+: What to know about MAHA as RFK Jr. nears powerful health care role
How RFK Jr. won Cassidy over
Final 2026 Payment Notice: Risk Adjustment
How Would the New Administration’s Nominations Impact Obesity Care?
Robert F. Kennedy Jr. moves closer to becoming HHS secretary

Share This Article