At the recent HIPAA conference, HHS OCR senior advisor for health information privacy, Marissa Gordon Nguyen, announced that the HHS has submitted proposed modifications to the HIPAA Security Rule for review by the White House. This announcement signals an impending shift in how healthcare organizations approach data security and patient privacy. As these proposed updates are under consideration, healthcare organizations should be proactive in their preparations.
During the conference, Marissa Gordon Nguyen, the senior advisor for health information privacy at the HHS Office for Civil Rights (OCR), announced that the Department of Health and Human Services had submitted proposed modifications to the HIPAA Security Rule for review by the White House. The announcement marks a critical step toward potentially updating the Security Rule, which has remained largely unchanged since its inception in 1996. The proposed modifications aim to enhance the protection of electronic health information by addressing contemporary cybersecurity threats. “We’ve seen tremendous increases in the use of ransomware and hacking to obtain unauthorized access to ePHI, and since 2003 there’s been an evolution in technical capabilities of record systems that are used to maintain health information, and there have been changes in the costs of a variety of security measures,” she said.
This announcement comes after the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) released a video with guidelines on ransomware prevention and compliance with the HIPAA Security Rule.
Focus areas of the updated rule include increasing requirements for risk assessments, improving access controls, and expanding reporting obligations for data breaches. The proposed changes emphasize the importance of adopting security best practices and technologies, reinforcing the commitment of healthcare organizations to safeguarding patient data. As these modifications progress through the review process, healthcare stakeholders are encouraged to stay informed and prepare for the adjustments that may come with the updated regulations.
Healthcare organizations can prepare for potential updates to HIPAA’s Security Rule by proactively strengthening their security programs and keeping current with best practices. Here are some key strategies:
The White House reviews proposed modifications to federal regulations, including those submitted by HHS. Its review process ensures any changes align with broader governmental priorities and policies. After review, the proposed modifications may be finalized and implemented, which will affect compliance requirements for healthcare organizations.
Healthcare organizations should monitor updates from the HHS Office for Civil Rights and other relevant regulatory bodies. Engaging with industry associations and participating in conferences can also provide valuable insights into ongoing regulatory developments and best practices.