The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) recently proposed a sweeping rewrite of the HIPAA Security Rule that, if finalized, will require that many Covered Entities and their Business Associates (Regulated Entities) invest significant resources to comply with new, less flexible requirements designed to strengthen the cybersecurity posture of the American healthcare system. We discuss below several aspects of OCR’s comprehensive overhaul of the Security Rule published in its Notice of Proposed Rulemaking (NPRM) on January 6, 2025, the first proposed revisions to the Security Rule since 2013. The 60-day notice and comment period closes on March 7, 2025.
Latest Post
More Posts
NYDFS Highlights Strategies to Combat AI Cybersecurity Risks
New York Focuses on Healthcare Cybersecurity: Recent Regulatory and Enforcement Activities
FTC’s Updated Health Breach Notification Rule Puts Health App Developers on Notice
OCR and FTC Issue Warning to Hospital Systems and Telehealth Providers about Tracking Technologies
OIG Issues Information Blocking Penalties Final Rule: Health IT Developers and Health Information Exchanges/Networks Have a Million Reasons to Care
Health Apps Beware: FTC Clarifies Health Breach Notification Rule with Significant Proposed Changes
OCR’s Proposed Rule Finds Fertile Ground for Enhanced Reproductive Privacy Protection
All Good Things Must Come to an End: The Expiration of OCR’s Enforcement Discretion
The FTC Sends Another Warning to Digital Healthcare Platforms About Use of Tracking Pixels
Subscribe: Subscribe via RSS
Blogs
Firm/Org