HHS Proposes Stricter Cybersecurity Rules to Combat Healthcare Breaches
Healthcare IT News
Contributed by: Drex DeFord
Summary
The Department of Health and Human Services (HHS) has proposed new cybersecurity regulations to address rising breaches in the healthcare industry, following the establishment of HHS Cyber Performance Goals in 2023. The notice of proposed rulemaking (NPRM), issued in December 2024, aims to strengthen requirements that were deemed inadequate under the Health Insurance Portability and Accountability Act (HIPAA). Key changes include mandatory encryption, multifactor authentication, and formalized incident response protocols to protect electronic protected health information (ePHI). Healthcare organizations are advised to prepare by conducting gap analyses and engaging leadership to ensure compliance with the forthcoming regulations.