Excerpt from ExecutiveGov Article, Published on Oct 24, 2024.

The White House Office of Information and Regulatory Affairs (OIRA) is currently reviewing a proposed rule to enhance cybersecurity protections under the Health Insurance Portability and Accountability Act (HIPAA), as cyber threats against healthcare data surge. The Department of Health and Human Services (HHS) introduced the proposal to adapt HIPAA’s security requirements in response to increased cyberattacks targeting electronic protected health information (ePHI), Federal News Network reported.

Once the review is complete, HHS will publish a notice of proposed rulemaking to invite public comments on the updated security standards. The proposed changes aim to address advancements in cyber threats and adapt to emerging technologies to better safeguard sensitive health data.

Speaking at a recent conference, Marissa Gordon-Nguyen, senior adviser for health information privacy, data, and cybersecurity at the HHS Office of Civil Rights, highlighted the necessity of strengthening HIPAA’s security provisions to meet modern threats. “We’ve seen tremendous increases in the use of ransomware and hacking to obtain unauthorized access to ePHI,” Gordon-Nguyen said. “Since 2003, technical capabilities of record systems have evolved, and there have been changes in the costs of a variety of security measures.”

The proposed rule would be the first major update to HIPAA’s cybersecurity guidelines since its inception over two decades ago. The changes are expected to reflect current cybersecurity standards, addressing the rapid evolution of healthcare data storage and security needs.

With cyberattacks on healthcare systems continuing to increase, the proposed HIPAA update seeks to provide a stronger security framework that aligns with both current and anticipated threats, ensuring that HIPAA remains effective in protecting patient data in an era of heightened cyber risk. This effort underlines the government’s commitment to fortifying healthcare cybersecurity, setting new benchmarks for privacy and data security in the digital age.

To delve deeper into this topic, please read the full article ExecutiveGov.