Government to Strengthen Cybersecurity in Healthcare Under HIPAA


Date Posted: Wednesday, January 08, 2025

 

Proposed rule to improve cybersecurity and better protect the U.S. healthcare system from a growing number of cyberattacks

 

On December 27, 2024, the Office for Civil Rights (OCR), the HIPAA enforcement agency, issued a proposed rule to improve cybersecurity and better protect the U.S. healthcare system from a growing number of cyberattacks.

 

OCR has seen a substantial increase in the number of large breach reports received over the last five years. From 2018-2023, reports of large breaches increased by 102 percent, and the number of individuals affected by such breaches increased by 1,002 percent, primarily because of increases in hacking and ransomware attacks. In 2023, over 167 million individuals were affected by large breaches—a new record. Since 2019, large breaches caused by hacking and ransomware have increased 89 percent and 102 percent, respectively.

 

 


 

This proposed rule is the latest step taken by OCR to address more frequent cyberattacks targeting the U.S. healthcare system, consistent with the HHS Healthcare and Public Health critical infrastructure sector Cybersecurity Performance Goals.

 

The proposed rule would modify the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule to require health plans, healthcare clearinghouses (an organization that enables the exchange of healthcare data between a provider and a payor [insurance company]), and most healthcare providers, and their business associates, to strengthen cybersecurity protections for individuals' protected health information.

 

The proposed rule also would require that policies and procedures be in writing, reviewed, tested, and updated on a regular basis. Additionally, it would better align the Security Rule with modern best practices in cybersecurity.

 

These proposals address:

 

  • Changes in the environment in which healthcare is provided
  • Significant increases in breaches and cyberattacks
  • Common deficiencies OCR has observed in investigations into Security Rule compliance by covered entities and their business associates
  • Other cybersecurity guidelines, best practices, methodologies, procedures, and processes
  • Court decisions that affect enforcement of the Security Rule

 

While the Department is undertaking this rulemaking, the current Security Rule remains in effect.

 

Click Here for the Proposed Fact Sheet for more information and link to the Federal Register Notice.

 

The American Institute of Healthcare Compliance (AIHC) is a Licensing/Certification Partner with CMS.

 

Source: The American Institute of Healthcare Compliance (AIHC)

AIHC-assn.org

 

 
