Lexology February 27, 2025
Koley Jessen PC

Significant changes are being proposed to the HIPAA Security Rule that will require Covered Entities and Business Associates to reevaluate their current HIPAA compliance practices. On January 6, 2025, the U.S. Department of Health and Human Services Office for Civil Rights (“OCR”) published a Notice of Proposed Rulemaking (“NPRM”) to modify the HIPAA Security Rule (42 C.F.R. § 164.300 et seq.). To combat growing and consistent cybersecurity threats, the NPRM aims at strengthening cybersecurity protections for electronic Protected Health Information (“ePHI”).

HIPAA Security Rule Background and Purpose of NPRM

The Security Rule established national standards governing the protection of ePHI. Covered Entities and Business Associates are required to implement administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and...

Today's Sponsors

Venturous
ZeOmega

Today's Sponsor

Venturous

Continue Reading

 
Topics: Cybersecurity, Govt Agencies, Health System / Hospital, HIPAA, Provider, Technology
Related Articles:
OCR Kicks Off 2026 with Reminders about "System Hardening" for HIPAA Covered Entities
Providers Evaluate Security as Updated HIPAA Compliance Looms
Updates to HIPAA Notice of Privacy Practices Required by February 16, 2026
How Healthcare Organizations Can Navigate Security Changes Linked to HIPAA Updates
Preparing for the HIPAA Security Rule Update

Share Article