The proposed update to the HIPAA Security Rule is now under review by the Office of Management and Budget (OMB). It aims to strengthen the safeguards for electronic protected health information by enhancing requirements for HIPAA-regulated entities to better prevent, detect, contain, mitigate, and recover from cybersecurity threats.
The rule could extend beyond hospitals to other covered entities, including physicians. The update builds on a 2023 concept paper from the Department of Health and Human Services (HHS), “Healthcare Sector Cybersecurity,” which aligns with the Biden administration’s “National Cybersecurity Strategy.” The HHS concept paper outlines key actions, including publishing voluntary cybersecurity performance goals for the health care sector, securing funding to support cybersecurity practices, and proposing new enforceable standards through Medicare, Medicaid, and the HIPAA Security Rule. Additionally, HHS plans to expand its “one-stop shop” for health care cybersecurity to improve federal coordination and support for health institutions facing cyber threats.
Please send any questions regarding the updated HIPAA Security Rule to coding@aasm.org.