Healthcare CIOs and CISOs Brace for Major HIPAA Security Rule Changes
Forbes
Contributed by: Bill Russell
Summary
Healthcare CIOs and CISOs are analyzing a new proposal from HHS's Office for Civil Rights to update the HIPAA Security Rule with an emphasis on enhancing cybersecurity for electronic protected health information (ePHI). The proposed changes include stricter documentation requirements, such as maintaining a detailed inventory of technology assets and mapping ePHI flow, which organizations must update annually or after major operational shifts. This may pose challenges for smaller healthcare facilities that lack technical resources, leading some to consider external consulting for compliance. Additionally, organizations will be required to restore critical electronic systems within 72 hours following a loss, prompting necessary revisions to disaster recovery plans and budget allocations.