The U.S. Department of Health and Human Services (HHS) announced in a release that its Office for Civil Rights (OCR) is updating its HIPAA rule to address rising cyberattacks.
According to HHS’s announcement, the proposed rule would “require health plans, healthcare clearinghouses (an organization that enables the exchange of healthcare data between a provider and a payer [insurance company]), and most healthcare providers, and their business associates, to strengthen cybersecurity protections for individuals’ protected health information.”
The action is meant to address the 102% rise in “large breach reports” that OCR has seen since 2018. The number of patients affected by ransomware attacks has increased by over 1000%. The number of individuals affected by these breaches reached an all-time high in 2023 (more than 167 million).
The new rule will give more guidance on how organizations can better protect health information. It also calls for regular modifications and testing.
The proposed rule will be open for comment until March 7.