Policy & Medicine March 2, 2025
Thomas Sullivan

The U.S. Department of Health and Human Services (HHS) wants to update the HIPAA security rule for the first time in more than a decade to bolster healthcare cybersecurity. On January 6, the Office for Civil Rights (OCR), which enforces HIPAA, proposed changes to the regulation that aims to clarify and offer more specific instruction on securing electronic health data. The update would also require organizations and their business associates to keep security policies in writing, as well as review, test and update them on a regular basis. The proposal comes as the healthcare sector has weathered a growing wave of cyberattacks and data breaches.

More on Proposed Rule

Currently, the HIPAA Security Rule distinguishes between “required” and “addressable” implementation...

Today's Sponsors

Venturous
ZeOmega

Today's Sponsor

Venturous

Continue Reading

 
Topics: Cybersecurity, Govt Agencies, Health System / Hospital, HHS, HIPAA, Provider, Technology
Related Articles:
OCR Kicks Off 2026 with Reminders about "System Hardening" for HIPAA Covered Entities
Providers Evaluate Security as Updated HIPAA Compliance Looms
Updates to HIPAA Notice of Privacy Practices Required by February 16, 2026
How Healthcare Organizations Can Navigate Security Changes Linked to HIPAA Updates
Preparing for the HIPAA Security Rule Update

Share Article