The OCR proposes significant changes to the HIPAA Security Rule, aiming to strengthen cybersecurity for ePHI. The new requirements, including detailed asset inventories and 72-hour restoration procedures, pose challenges for organizations, particularly smaller ones, with limited technical resources.
Healthcare CIOs and CISOs are monitoring the recent Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) proposal to update the HIPAA Security Rule . These changes, outlined in a Notice of Proposed Rulemaking (NPRM), aim to increase cybersecurity protections for electronic protected health information (ePHI).
As leaders evaluate the potential impact, the main question is, will these updates fulfill compliance requirements or enhance the security framework for safeguarding patient data?The proposal states that regulated entities must maintain a comprehensive and up-to-date technology asset inventory and network map that tracks electronic protected health information (ePHI) flow across their electronic systems. Organizations must review and revise the inventory and map annually or whenever significant changes in the entity's environment or operations could impact ePHI. Creating updated inventory and system mapping is challenging for organizations that do not have many technical, let alone dedicated, security resources. Small organizations may need to bring in a dedicated virtual CIO or consultant resources to manage this piece of work. Carter Groome, CEO at Health First Advisory, agrees and said,'Small and rural facilities would struggle mightily to meet these baselines - just obtaining an accurate asset inventory is an enormous task.' Organizations must create written procedures to restore critical electronic information systems within 72 hours of a loss. Establishing written procedures is a great start, but healthcare organizations must regularly test and validate their ability to restore systems within the timeframe. This process is complex and requires consistent practice to ensure readines
HIPAA Security Rule Cybersecurity Ephi Healthcare Providers
United States Latest News, United States Headlines
Similar News:You can also read news stories similar to this one that we have collected from other news sources.
Homeland Security chief Mayorkas blames drone uproar on recent FAA flight-rule change: 'We know of no foreign involvement'Homeland Security Secretary blames drone sightings on recent FAA rule change
Read more »
2 men arrested after flying 'hazardous drone operation' near Boston's Logan AirportHomeland Security Secretary blames drone sightings on recent FAA rule change
Read more »
Unidentified drones forced critical US Air Force base to close airspace for hoursHomeland Security Secretary blames drone sightings on recent FAA rule change
Read more »
Bitcoin ATM Security Breach Compromised Social Security Numbers and Government IDsByte Federal operates 1,200 Bitcoin ATMs in the U.S. A data breach comprised 58,000 customer's information.
Read more »
Graham Warns Republicans: Border Security First or 'Russian Roulette' on National SecuritySenator Lindsey Graham warns Republicans that border security must be prioritized over tax cuts, comparing their inaction to 'playing Russian roulette with our national security.' The warning comes amidst internal Republican disagreements on how to approach the incoming Trump administration's agenda.
Read more »
Heavy Snowstorm Disrupts Washington's Security Operations Amid National Special Security EventsA major snowstorm forecast to dump up to a foot of snow in Washington, D.C., adds an unexpected layer of complexity to an already challenging two-week stretch for local officials. The district is hosting three designated National Special Security Events in a two-week span for the first time ever, including Monday's joint session of Congress to certify the votes from the Electoral College.
Read more »