Lexology January 2, 2025
Morgan Lewis & Bockius LLP

For the first time in 11 years, the US Department of Health and Human Services (HHS) has proposed updating the Security Rule under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The Proposed Rule, to be published on January 6, 2025, aims to “increase the cybersecurity” for electronic protected health information (ePHI) by addressing the changing healthcare environment, increased frequency of breaches and cyberattacks, common compliance deficiencies observed by the HHS Office for Civil Rights, and other relevant changes to the legal landscape such as court decisions and best practices. Comments to the Proposed Rule are due March 7, 2025.

The Proposed Rule makes a number of significant changes to the Security Rule (Security Standard for the Protection...

Today's Sponsors

Venturous
ZeOmega

Today's Sponsor

Venturous

Continue Reading

 
Topics: Cybersecurity, Govt Agencies, Health System / Hospital, HHS, HIPAA, Provider, Technology
Related Articles:
OCR Kicks Off 2026 with Reminders about "System Hardening" for HIPAA Covered Entities
Providers Evaluate Security as Updated HIPAA Compliance Looms
Updates to HIPAA Notice of Privacy Practices Required by February 16, 2026
How Healthcare Organizations Can Navigate Security Changes Linked to HIPAA Updates
Preparing for the HIPAA Security Rule Update

Share Article