Health Law Highlights

HIPAA Update to Include Cybersecurity Requirements for Health Care Organizations

Summary of article from Renal and Urology News, by John Schieszer:

The Department of Health and Human Services (HHS) is updating the Health Insurance Portability and Accountability Act (HIPAA) Security Rule to include new cybersecurity requirements in light of increasing cyber threats to the healthcare sector. HHS has issued a concept paper providing voluntary Cybersecurity Performance Goals (CPGs) to help healthcare organizations improve their cyber resilience. A significant rise in data breaches and ransomware attacks has been observed, emphasizing the need for improved cyber protection. HHS is planning to establish two programs to aid healthcare providers in implementing these CPGs, one of which involves financial aid for high-need providers. Additionally, changes to the HIPAA Security Rule may include allowing patients more direct access to their Protected Health Information (PHI), and potential privacy concerns are being addressed.