by Wyn Staheli, Director of Content - innoviHealth
Jan 15th, 2025
Cybersecurity is an ongoing international problem. Hacking is happening in unprecedented numbers. Breaches are almost a daily occurrence. To address this problem, on December 27, 2024, the the Office for Civil Rights (OCR) issued a Notice of Proposed Rulemaking (NPRM) to modify the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule to strengthen cybersecurity protections for electronic protected health information (ePHI). The NPRM was published in the Federal Register on January 6, 2025 and the comment period closes March 6, 2025.
According to a press release, some of the changes include:
|
These are some significant changes, some of which may be costly to implement, such as upgrading software to enable encryption and multi-factor authentication (MFA). Therefore, we strongly encourage covered organizations to review the Proposed Rule to understand the potential impact on your organization.
Remember, this is currently a Proposed Rule, not a Final Rule, so there is no deadline on the implementation of these measures; but they are things that security analysts recommend to protect your organization and your patient’s information. It wouldn’t hurt to start implementing some of these measures now and get ahead of the curve.
About Wyn Staheli, Director of Content - innoviHealth
Wyn Staheli is the Director of Content Research for innovHealth. She has over 30 years of experience in the healthcare industry. With her degree in Management Information Systems (MIS), she has been a programmer for a large insurance carrier as well as a California hospital system. She is also the author and editor of many medical resource books and the founder of InstaCode Institute.
Quick, Current, Complete - www.findacode.com