HHS Proposes Changes to HIPAA Security Rule to Enhance Cybersecurity

The proposed changes would enhance cybersecurity protections for electronic protected health information.

By Jeff Wardon, Jr., Assistant Editor


Cybersecurity continues to be a forefront issue for healthcare facilities as cyberattacks and data breaches keep ramping up. A survey from Proofpoint and the Ponemon Institute found that 92 percent of healthcare organizations experienced at least one cyberattack in the last 12 months prior to October 2024. 

Certain steps must be taken to safeguard sensitive data that healthcare facilities and organizations keep hold of. 

The U.S. Department of Health and Human Services (HHS) has proposed changes to the HIPAA Security Rule to enhance cybersecurity protections for electronic protected health information (ePHI). These updates aim to address growing cyber threats in healthcare. 

Related: Remote Access Systems Pose Cybersecurity Risk

Key proposed changes include: 

  • Making all security requirements mandatory, with few exceptions. 
  • Requiring detailed documentation of security policies and risk analyses. 
  • Updating standards to reflect modern technology and terminology. 
  • Introducing specific deadlines for compliance with requirements. 
  • Mandating asset inventories, network mapping and encryption of ePHI. 
  • Strengthening incident response, contingency planning and system restoration timelines. 
  • Requiring regular vulnerability scans, penetration testing and multi-factor authentication. 
  • Enhancing oversight by conducting annual audits and ensuring business associates meet security standards. 

With cyberattacks becoming increasingly common, mounting a defense against them to protect sensitive data becomes equally as critical. Cloudely recommends the following for ongoing compliance and data security: 

  • Healthcare organizations must develop robust data governance structures which outline effective data asset management. This means the data is cared for professionally from beginning to end, covering data collection, storage, processing and sharing. 
  • The healthcare workforce needs to understand their responsibility to safeguard data while being trained and educated about phishing attacks, protecting passwords and properly disclosing sensitive information. 
  • Protocols for safeguarding data need to encrypt information at rest and in motion-controlled accessibility, meaning only authorized individuals can have access to sensitive materials and secured messaging. 
  • Routine security audits and risk assessments need to identify vulnerabilities or gaps in defenses before they are exploited. In addition, patient data must be backed up as well. 
  • Plans and tests need to be in place for data breaches so that they are addressed accordingly. Also, tight access controls need to be implemented so any unpermitted access to sensitive information is limited. 

Jeff Wardon, Jr., is the assistant editor for the facilities market. 



January 10, 2025


Topic Area: Information Technology , Security


Recent Posts

Design, Compartmentation, Training: How Defend-in-Place Strategies Can Protect Patients

Effective defend-in-place strategies depend on compartmentation, fire-rated assemblies and ongoing staff training to protect patients who cannot quickly evacuate.


Milestone Marked with Topping Out Ceremony for BayCare Hospital Manatee

Construction remains on schedule, with crews continuing work on interior spaces, infrastructure and clinical areas throughout the facility.


NYC Health + Hospitals Experiences Third-Party Data Breach

The healthcare organization was notified that a business associate, Solventum Health Information Systems, suffered a data security incident.


Making AI Work for Predictive Maintenance

AI can support predictive maintenance by helping managers anticipate equipment failures, reduce downtime and improve operational efficiency.


Thomas Jefferson University Unveils Plans for Sidney Kimmel Medical College in Allentown, PA

Located at One Center Square, in downtown Allentown, the campus will include more than 54,000 square feet of newly constructed medical education space.


 
 


FREE Newsletter Signup Form

News & Updates | Webcast Alerts
Building Technologies | & More!

 
 
 


All fields are required. This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

 
 
 
 

Healthcare Facilities Today membership includes free email newsletters from our facility-industry brands.

Facebook   Twitter   LinkedIn   Posts

Copyright © 2023 TradePress. All rights reserved.