The Department of Health and Human Services (HHS) has proposed new cybersecurity regulations to address rising breaches in the healthcare industry, following the establishment of HHS Cyber Performance Goals in 2023. The notice of proposed rulemaking (NPRM), issued in December 2024, aims to strengthen requirements that were deemed inadequate under HIPAA. Key changes include mandatory encryption, multifactor authentication, and formalized incident response protocols to protect electronic protected health information (ePHI). Healthcare organizations are advised to prepare by conducting gap analyses and engaging leadership to ensure compliance with the forthcoming regulations.

HHS Proposes Stricter Cybersecurity Rules to Combat Healthcare Breaches Healthcare IT News

The 2025 HFMA Revenue Cycle Conference underscored the necessity of technology adoption in enhancing revenue cycle operations amid financial pressures on healthcare institutions. Key discussions focused on automation and AI in prior authorizations and claims management, highlighting the hurdles of ROI justification, staff resistance, and interoperability. Mayo Clinic executives Kevin Barnes and Michelle Amos shared strategies for overcoming these barriers, emphasizing the need for stakeholder buy-in and comprehensive roadmaps. They pointed out that while demonstrating ROI is critical, the non-monetary benefits, such as improved patient care, are significant as well. Additionally, the executives discussed staffing strategies, weighing the benefits of in-house staff against contracted resources for effective technology integration.

"2025 HFMA Conference: Embracing Tech to Transform Revenue Cycle Management" HealthLeaders

Chief Information and Digital Transformation Officer Joyce Oh is focused on advancing digital innovation at The Christ Hospital Health Network by aligning IT initiatives with strategic business objectives. Under her leadership, the IT governance process has been restructured to prioritize projects that match long-term goals rather than urgency. This includes the creation of an IT steering committee to evaluate projects systematically and improve resource allocation, particularly in areas such as cybersecurity. Oh highlights the necessity for thorough business case development for IT initiatives, ensuring that each project articulates clear benefits to justify funding amid budget constraints. Collaboration across departments is also emphasized to foster a unified approach to digital transformation.

Transforming Healthcare: Joy Oh Drives Strategic IT Innovation at Christ Hospital HealthSystemCIO

Congress is being urged to reauthorize the Cybersecurity Information Sharing Act (CISA) before its expiration at the end of September. The act offers legal protections for companies sharing cyber threat information, helping to facilitate essential real-time data exchange needed for responding to cyber attacks. Acknowledging bipartisan support, particularly from key leaders in intelligence committees despite some opposition on privacy grounds, advocates stress that renewing CISA is crucial for encouraging critical infrastructure operators to report cyber incidents without fear of legal repercussions. Additionally, there are calls for new legislation to address conflicting cybersecurity regulations and establish an interagency committee to streamline rules.

Congress Urged to Renew Cybersecurity Act for Enhanced Threat Sharing Cyberscoop