HealthIT Answers December 11, 2025
Industry News

More than 100 hospital systems, healthcare provider organizations, and provider associations have signed a joint stakeholder letter led by the College of Healthcare Information Management Executives (CHIME) calling on the U.S. Department of Health & Human Services (HHS) to withdraw its proposed update to the HIPAA Security Rule and instead engage with healthcare providers to develop a more practical, risk-based cybersecurity framework.

The proposal would dramatically expand and fundamentally alter existing federal cybersecurity requirements for hospitals and healthcare providers. While providers firmly agree that cyber safety is patient safety, signatories warn that the rule would impose significant unfunded mandates, mandate prescriptive technical controls that conflict with modern healthcare IT architectures, and substantially increase documentation, reporting, and compliance burdens for already...

Today's Sponsors

Venturous
ZeOmega

Today's Sponsor

Venturous

Continue Reading

 
Topics: Cybersecurity, Govt Agencies, Health IT, HHS, HIPAA, Provider, Technology
Related Articles:
OCR Kicks Off 2026 with Reminders about "System Hardening" for HIPAA Covered Entities
Providers Evaluate Security as Updated HIPAA Compliance Looms
Updates to HIPAA Notice of Privacy Practices Required by February 16, 2026
How Healthcare Organizations Can Navigate Security Changes Linked to HIPAA Updates
Preparing for the HIPAA Security Rule Update

Share Article