HHS updates HIPAA rule to enhance ePHI security

The U.S. Department of Health and Human Services (HHS) released a Notice of Proposed Rulemaking (NPRM) to modify the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule. The update is intended to strengthen cybersecurity protections for electronic protected health information (ePHI).

According to the HHS, the Security Rule establishes a national set of security standards to protect certain health information maintained or transmitted in electronic form. The Security Rule sets forth the administrative, physical, and technical safeguards that covered entities and business associates (collectively, “regulated entities”) must implement to secure individuals’ ePHI.  

This is the first HIPAA Security Rule update since 2013. With these changes, the agency seeks to clarify what health plans, business associates, healthcare providers, and clearinghouses must do to protect the security of ePHI.

Rising HIPAA breaches highlight the urgency of strengthening ePHI security  

The Office for Civil Rights (OCR) reported an exponential increase in reports of extensive breaches over the last five years. From 2018 to 2023, reports of significant breaches increased by 102%. Also, the number of individuals affected by such breaches increased by 1002%, primarily because of increases in hacking and ransomware attacks. In 2023, over 167 million individuals were affected by significant breaches, a new record.

Read more about how to protect your business from data breaches in our blog 4 steps to reduce HIPAA breaches within your medical practice.  

The proposed modifications aim to update existing standards to strengthen the confidentiality, integrity, and availability of ePHI. These changes, outlined in the NPRM, seek to enhance ePHI cybersecurity by revising the Security Rule to address:   

  • The evolving healthcare environment  
  • The rise in breaches and cyberattacks  
  • Common deficiencies identified by the OCR during Security Rule compliance investigations of regulated entities (covered entities and their business associates)  
  • Current cybersecurity guidelines, best practices, and procedures  
  • Relevant court decisions impacting Security Rule enforcement  

While the Department is undertaking this rulemaking, the current Security Rule remains in effect.   

HHS urges all stakeholders—patients and their families, health plans, healthcare providers, professional associations, consumer advocates, and government entities—to share their feedback by submitting comments through regulations.gov.  

The public has 60 days from the NPRM’s publication in the Federal Register to submit their comments. Additionally, the Department plans to hold a Tribal consultation meeting, with details and RSVP information to be announced soon.  

Review the full NPRM on the HHS website.  

Stay ahead with HIPAA compliance: Protect your business and patient trust  

The proposed modifications to the Security Rule address modern challenges such as rising cyberattacks and data breaches. They also account for the evolving dynamics of healthcare delivery. Failing to stay updated with these regulations can have serious consequences.

Non-compliance can lead to hefty fines, reputational damage, and operational disruptions. More importantly, it can erode patient trust, which is fundamental to any healthcare organization. By understanding and implementing these updates, you protect your organization and contribute to the broader effort of securing patient information across the industry.  

Navigating the complexities of HIPAA updates can be challenging, but you don’t have to do it alone. Partnering with a HIPAA-compliant expert can help your business understand and implement these changes effectively. With a trusted partner, you can ensure your organization remains compliant, secure, and prepared to meet the demands of an ever-evolving healthcare environment.  

At Health Prime, we are HIPAA-compliant. We have controls and safeguards to ensure the confidentiality, integrity, and availability of your protected health information. Our employees are periodically trained to stay updated on HIPAA policy changes and avoid potential breaches.  

Reach out to us at [email protected]. Our team will set up a meeting to discuss how Health Prime can maximize your revenue by cutting costs, saving you time, and collecting more!   

Subscribe to our Health Prime blog. Stay tuned to all the latest updates, learn how to improve your medical practice, and ensure you are getting paid for your work.
