The Department of Health and Human Services submitted proposed updates to the 20-year-old HIPAA Security Rule to the White House for review, aiming to enhance the cybersecurity protections for electronic health information, GovInfoSecurity reported Oct. 23.
The main goal of the proposed changes is to improve cybersecurity for organizations covered by HIPAA, Marissa Gordon-Nguyen, senior advisor for health information privacy, data, and cybersecurity at the HHS' Office for Civil Rights said during a HIPAA summit.
The updates also follow a plan that HHS shared last December, which outlined efforts to strengthen cybersecurity in healthcare. That plan included updating the HIPAA Security Rule, and the possibility of new cybersecurity requirements for hospitals and other healthcare providers through Medicare and Medicaid, using financial rewards or penalties to encourage compliance.
After the White House's Office of Management and Budget reviews the proposal, HHS plans to release the proposed rule by the end of the year and ask for public feedback over a 60-day period, according to Ms. Gordon-Nguyen.