Health and Human Services (“HHS”) has proposed changes to the HIPAA Security Rule to strengthen cybersecurity protections for electronic health information (“ePHI”) by altering the existing Security Rule’s requirements for (1) documentation and policy, (2) technical and physical safeguards, and (3) compliance and auditing.
The proposed rule is part of HHS’s larger effort to address cybersecurity risks in the healthcare sector by enhancing cybersecurity of patient data.
The current rule will remain in effect while HHS undertakes rulemaking. Public comments on the proposed rule are due on March 7, 2025.
