Source: Healthcare Dive

January 4, 2025

Dive Brief:

  • The HHS wants to update the HIPAA security rule for the first time in more than a decade to bolster healthcare cybersecurity, regulators said late last month.
  • The Office for Civil Rights, which enforces HIPAA, proposed changes to the regulation that aims to clarify and offer more specific instruction on securing electronic health data. The update would also require organizations and their business associates to keep security policies in writing, as well as review, test and update them on a regular basis.
  • The proposal comes as the healthcare sector has weathered a growing wave of cyberattacks and data breaches. From 2018 to 2023, the OCR has tracked a more than 100% increase in large breaches, while the number of people affected by healthcare data breaches has soared by more than 1000%.