Lexology January 9, 2025
Akerman LLP

The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) recently proposed a sweeping rewrite of the HIPAA Security Rule that, if finalized, will require that many Covered Entities and their Business Associates (Regulated Entities) invest significant resources to comply with new, less flexible requirements designed to strengthen the cybersecurity posture of the American healthcare system. We discuss below several aspects of OCR’s comprehensive overhaul of the Security Rule published in its Notice of Proposed Rulemaking (NPRM) on January 6, 2025, the first proposed revisions to the Security Rule since 2013. The 60-day notice and comment period closes on March 7, 2025.

In a Press Release announcing the proposed updates, OCR Director Melanie Fontes Rainer stated...

Today's Sponsors

LEK
ZeOmega

Today's Sponsor

LEK

Continue Reading

 
Topics: Cybersecurity, Govt Agencies, HIPAA, Technology
Related Articles:
HHS’ Proposed HIPAA Changes Are a Step in the Right Direction, But Some Providers May Struggle to Comply
New Health Cybersecurity Rule: What Docs Should Know
Navigating privacy risks: Third-party trackers still pose challenges to MCOs
Healthcare CIOs Prepare For HIPAA Update
HHS proposes HIPAA update to boost healthcare cybersecurity

Share This Article