"In January 2025, the US Department of Health and Human Services (HHS) announced its proposed update to HIPAA, intended to strengthen cybersecurity in light of intensifying damaging attacks and data breaches against the healthcare sector. The HIPAA Security Rule, applies to electronic protected health information and addresses a multitude of concerns: patch management, asset control requirements, compliance audits, and security controls such as multi-factor (MFA) authentication and network segmentation."
"A lot of concerns were over the practicality of implementing the rule, and noted both the time constraints and whether the expectations were realistic to begin with. The latest opposition comes from 100 healthcare organizations nationwide. A coalition letter, led by the College of Healthcare Information Management Executives (CHIME), cited "new financial burdens" and "unreasonable implementation deadlines" as major hurdles with the proposed updates. The rule "should be immediately withdrawn without further consideration.""
HHS proposed an update to the HIPAA Security Rule in January 2025 to bolster cybersecurity amid rising attacks and breaches targeting healthcare. The update covers electronic protected health information and sets requirements for patch management, asset control, compliance audits, and security controls including multi-factor authentication and network segmentation. HHS set a March 7 public comment deadline, prompting broad industry responses raising practical concerns about timeframes and feasibility. A coalition of 100 healthcare organizations led by CHIME cited new financial burdens and unreasonable implementation deadlines and urged immediate withdrawal of the proposed rule.
Read at DataBreaches.Net
Unable to calculate read time
Collection
[
|
...
]