The Department of Health and Human Services (HHS) has announced that it will be soliciting comments on proposed modifications to the Health Insurance Portability and Accountability Act’s (HIPAA) Security Standards for the Protection of Electronic Protected Health Information. The changes aim to strengthen healthcare cybersecurity, address growing breach trends, and improve enforcement.
The proposed updates align with the Biden-Harris Administration’s 2023 National Cybersecurity Strategy and support HHS’ Healthcare Sector Cybersecurity concept paper. The plans include publishing voluntary cybersecurity best practices and a strategy for greater enforcement and accountability.
HHS Deputy Secretary Andrea Palm stated that the proposed rule is crucial to ensuring healthcare providers, patients, and communities are prepared to face cyberattacks and are more secure and resilient. OCR Director Melanie Fontes Rainer noted that the number of people affected by large breaches has skyrocketed exponentially, with over 167 million individuals affected in 2023.
The updates propose increased documentation requirements for all covered entities, including an express requirement for a written inventory of technology assets and a network map. These requirements are intended to strengthen HIPAA audits and improve enforcement.
With the growing frequency and sophistication of cyberattacks in healthcare, Palm emphasized that these threats directly impact patient safety by exposing vulnerabilities, degrading trust, disrupting care, and delaying medical procedures.
Source: https://www.healthcareitnews.com/news/hhs-releases-notice-hipaa-security-rule-update