HIPAA Security Rule Update: Strengthening Cybersecurity for Patient Data
On December 27, 2024, the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) proposed changes to the HIPAA Security Rule to better protect electronic protected health information (ePHI). This update aims to improve cybersecurity and reduce risks in healthcare systems.
Why This Matters
Healthcare organizations are frequent targets of cyberattacks. These changes will help keep patient information safe by improving security standards and ensuring that healthcare providers follow best practices in cybersecurity.
Key Proposed Changes
1. Stronger Security Rules
- All security measures will now be required, removing the current distinction between “required” and optional (“addressable”) implementation specifications.
- Written policies and procedures must be documented for all security practices.
- Updated definitions to match current technology and security threats.
2. Better Risk Analysis & Cyber Protection
- Healthcare providers must track and update their technology assets annually.
- Encryption of patient data (both stored and shared) will be required.
- Multi-factor authentication will be necessary for accessing patient data.
- Security testing (scans every six months, penetration tests yearly) will be mandatory.
- Better network security to prevent unauthorized access.
- Use of anti-virus software and regular system updates to prevent cyber threats.
3. Faster Incident Response & Recovery
- Organizations must report security issues within 24 hours.
- A plan to restore lost data or systems within 72 hours will be required.
- Regular security audits to ensure compliance.
- Stronger backup systems to keep patient data safe.
4. More Responsibility for Business Partners
- Business associates (third-party service providers) must prove they follow security rules.
- Health plans must include cybersecurity in their official policies.
Next Steps & How to Get Involved
These rules are not final yet. The current HIPAA Security Rule remains in effect, but HHS encourages healthcare professionals, organizations, and the public to provide feedback.
⏳ Deadline for public comments: 60 days from the rule’s publication.
HHS will also hold a Tribal consultation meeting soon to discuss the proposed changes.
Final Thoughts
Cyber threats in healthcare are growing, and these updates aim to provide stronger protection for patient data. By following these new security measures, healthcare providers can help keep patient information safe and comply with evolving security standards.
🔗 Read the full proposal: Federal Register Notice