The US Department of Health and Human Services (HHS), through its Office for Civil Rights (OCR), has proposed a rule to enhance cybersecurity under the Health Insurance Portability and Accountability Act (HIPAA) of 1996.
This modification aims to protect the healthcare system from increasing cyberattacks by mandating stronger security measures for protected health information.
HHS Deputy Secretary Andrea Palm said: “This proposed rule is a vital step to ensuring that health care providers, patients, and communities are not only better prepared to face a cyberattack, but are also more secure and resilient.”
The proposal reflects OCR’s commitment to combat the surge in cyberattacks in the US healthcare sector.
This aligns with the Public Health critical infrastructure sector Cybersecurity Performance Goals and HHS Healthcare.
OCR director Melanie Fontes Rainer said: “This proposed rule to upgrade the HIPAA Security Rule addresses current and future cybersecurity threats.”
Over the past five years, OCR has observed a significant rise in large breach reports, with a 102% increase in reports and a staggering 1002% increase in the number of individuals affected from 2018 to 2023.
The year 2023 alone saw over 167 million individuals impacted by large cyberattacks, setting a new record.
Incidents due to hacking and ransomware have climbed by 89% and 102%, respectively, since 2019.
To address these threats, the proposed rule would require health plans, healthcare clearinghouses, and most healthcare providers, along with their business associates, to enhance protections for electronic protected health information.
It would provide clearer instructions and require written, regularly reviewed, tested, and updated security policies and procedures.
The aim is to align the security rule with contemporary cybersecurity best practices, reflecting changes in healthcare delivery and common deficiencies seen in compliance investigations.
While the department undertakes this rulemaking, the current HIPAA Security Rule remains in force, ensuring ongoing protection against both external and internal threats.