The Department of Health and Human Services (HHS) has proposed a rule to strengthen the HIPAA Security Rule in order to better address the ever-increasing cybersecurity threats faced by the healthcare sector. This proposed rule aims to strengthen cybersecurity protections for electronic protected health information (ePHI), addressing the ever-increasing cyber threats to the healthcare sector. The Office for Civil Rights (OCR) at HHS enforces the Security Rule, which establishes national standards for protecting individuals’ ePHI by covered entities, such as health plans, healthcare clearinghouses, and most healthcare providers, as well as their business associates.

Key Proposals in the HHS ePHI Cybersecurity NPRM

The HIPAA Security Rule notice of proposed rulemaking (NPRM) includes a number of key proposals and clarifications to strengthen the Security Rule's standards and implementation specifications. These include: