HHS seeks input on AI governance for HIPAA Security Rule update

The Department of Health and Human Services (HHS) has left artificial intelligence regulation open for discussion in its latest HIPAA Security Rule proposal. Meanwhile, a study from Cambridge researchers indicates that healthcare organizations are increasingly adopting AI technologies.

 

What's new

While the December 2024 proposal introduces several cybersecurity updates, HHS has chosen to seek additional input on AI and machine learning governance rather than establishing specific regulations. This approach comes as healthcare organizations try to figure out how to implement AI solutions while maintaining HIPAA compliance.

 

Why it matters

The decision to delay AI regulation creates uncertainty for healthcare organizations already using or planning to implement AI solutions for patient care, data analysis, and administrative functions. This regulatory gap becomes more prominent as AI adoption in healthcare accelerates.

 

The big picture

The intersection of AI and protected health information (PHI) raises unique challenges:

  • Data security in AI model training
  • Patient privacy in automated decision-making
  • Transparency in AI-driven healthcare solutions
  • Compliance requirements for AI vendors

 

Looking ahead

President Trump's recent announcement of a $500 billion private sector AI infrastructure investment partnership could reshape the healthcare AI landscape. This investment might influence future HHS decisions on AI regulation within the HIPAA framework.

 

FAQs 

How should healthcare organizations approach AI implementation without specific guidance?

Organizations should apply existing HIPAA security and privacy requirements while maintaining detailed documentation of AI systems' interaction with PHI.

 

What security measures should be considered for AI systems processing health data?

Organizations should implement data protection measures, including encryption, access controls, and audit trails for AI systems handling protected health information.

 

How might the proposed private sector AI investment affect healthcare organizations?

The investment could accelerate AI adoption in healthcare while potentially influencing future regulatory frameworks for AI governance under HIPAA.

 
