HHS, OCR Propose Modifications to Enhance Healthcare Cybersecurity Standards

TL;DR

The Department of Health and Human Services and the Office for Civil Rights are seeking comments on a proposal to modify the Security Standards for the Protection of Electronic Protected Health Information under HIPAA and the HITECH Act. The proposal responds to the growing number of security breaches and aims to strengthen healthcare cybersecurity and protect electronic health information. The proposed modifications, set to be published in January 2025, include removing the distinction between “required” and “addressable” specifications and making all of them mandatory, with limited exceptions.


HHS and Office for Civil Rights Seek Public Comment on New Cybersecurity Proposal

The Department of Health and Human Services (HHS) and the Office for Civil Rights have disclosed plans to request public input on amendments to the Security Standards for Electronic Protected Health Information (ePHI). These alterations, driven by technological advancements, breach trends, and court decisions, aim to fortify healthcare cybersecurity.

Implications of Proposed Modifications

Following a White House review, HHS will release a Notice of Proposed Rulemaking. It seeks to make all security specifications obligatory, with few exceptions. The proposed changes are in line with the Biden-Harris Administration’s 2023 National Cybersecurity Strategy.

Preventing Cyberattacks in Healthcare Sector

The adjustments aim to tackle the increasing cyberattacks affecting healthcare, as stated by OCR Director Melanie Fontes Rainer. A significant issue is the surge in people affected by large breaches, which is expected to escalate following the Change Healthcare breach, the biggest in US healthcare history.

Supporting Cybersecurity and Resilience

HHS Deputy Secretary Andrea Palm stated the proposed rule is crucial for enhancing cyberattack preparedness and resilience among healthcare providers, patients, and communities.

Identifying Security Rule Deficiencies

From 2018 to 2023, large breaches increased by 102%, affecting over 167 million individuals in the last year alone. To combat these numbers, the agency proposes to impose stricter documentation requirements on all covered entities to detect Security Rule compliance deficiencies.

Enhancing HIPAA Audits

A deeper understanding of physical and technical safeguarding could improve HIPAA audits. Last month, the Office of Inspector General stated that the OCR’s audit program was largely ineffective in preventing health data breaches.

Addressing Cybersecurity Threats

Palm emphasized that rapidly evolving cyber threats could undermine patient safety, erode trust, disrupt care and delay medical procedures in the healthcare sector.
