Public Inspection: HHS: Health Insurance Portability and Accountability Act Security Rule to Strengthen the Cybersecurity of Electronic Protected Health Information

Federal Register

Dec 30, 2024

Pre-publication notice of proposed rulemaking from the U.S. Department of Health and Human Services (HHS) seeking comments on a proposal to modify the Security Standards for the Protection of Electronic Protected Health Information ("Security Rule") under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH Act). Proposals are intended to increase the cybersecurity for electronic protected health information (ePHI) by revising the Security Rule to address changes in the environment in which health care is provided; significant increases in breaches and cyberattacks; common deficiencies the Office for Civil Rights has observed in investigations into Security Rule compliance by covered entities and their business associates; other cybersecurity guidelines, best practices, methodologies, procedures, and processes; and court decisions that affect enforcement of the Security Rule. Comments are due within 60 days of the publication of this notice, which is scheduled for January 6, 2025.

Emergency preparedness and response · Health information technology · Legislation and regulations · Patient privacy