Lexology January 9, 2025
Akerman LLP

The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) recently proposed a sweeping rewrite of the HIPAA Security Rule that, if finalized, will require that many Covered Entities and their Business Associates (Regulated Entities) invest significant resources to comply with new, less flexible requirements designed to strengthen the cybersecurity posture of the American healthcare system. We discuss below several aspects of OCR’s comprehensive overhaul of the Security Rule published in its Notice of Proposed Rulemaking (NPRM) on January 6, 2025, the first proposed revisions to the Security Rule since 2013. The 60-day notice and comment period closes on March 7, 2025.

In a Press Release announcing the proposed updates, OCR Director Melanie Fontes Rainer stated...

Today's Sponsors

Venturous
Got healthcare questions? Just ask Transcarent

Today's Sponsor

Venturous

Continue Reading

 
Topics: Cybersecurity, Govt Agencies, HIPAA, Technology
Related Articles:
Pivot: Discussing the Impact of a Proposed HIPAA Security Update
Always Listening, Always Leaking?
Ensuring HIPAA Compliance in Telehealth Sessions
Navigating the 2024 proposed HIPAA security rule amendments
Proposed HIPAA Security Rule Requires AI Governance

Share This Article