From Becker’s Hospital Review, by Madeline Ashley:
- The Office for Civil Rights (OCR) is expected to increase enforcement actions for violations of HIPAA security and breach notification rules, with a predicted record number of civil monetary penalties and settlements in 2024.
- The HIPAA right of access will continue to be a focus for OCR enforcement due to its straightforward nature and minimal resource requirement for investigations.
- An update to the HIPAA security rule is anticipated in spring 2024, likely introducing new mandatory cybersecurity measures, including stricter access control requirements such as mandatory multi-factor authentication.
- Following the overturning of Roe v. Wade, a new rule on reproductive health information disclosure is expected, limiting the use of that information to specific purposes like payment, healthcare operations, treatment, and legal investigations related to reproductive healthcare services.
- The American Hospital Association’s lawsuit against OCR’s tracking technologies guidance could lead to the first enforcement action regarding the use of tracking technologies on hospital websites in 2024. If the lawsuit is successful, further rulemaking on tracking technology is expected to enhance patient privacy.
- The Centers for Medicare & Medicaid Services (CMS) are projected to introduce cybersecurity requirements as a condition for participation in their programs.
- State attorneys general are expected to increase HIPAA compliance enforcement, imposing additional financial penalties on healthcare organizations failing to meet minimum cybersecurity standards.