OCR to update HIPAA rule after more than a decade

Jan. 6, 2025
OCR hopes to reduce cyberattacks.

The U.S. Department of Health and Human Services (HHS) announced in a release that its Office for Civil Rights (OCR) is updating its HIPAA rule to address rising cyberattacks.

According to HHS’s announcement, the proposed rule would “require health plans, healthcare clearinghouses [an organization that enables the exchange of healthcare data between a provider and a payer (insurance company)], and most healthcare providers, and their business associates, to strengthen cybersecurity protections for individuals’ protected health information.”

The action responds to the 102% rise in “large breach reports” that OCR has seen since 2018. The number of patients affected by ransomware attacks has increased by over 1000%. The number of individuals affected by these breaches reached an all-time high in 2023 (more than 167 million).

The new rule will give more guidance on how organizations can better protect health information. It also calls for regular modifications and testing.

The proposed rule will be open for comment until March 7.

HIPAA Security Rule NPRM

Fact Sheet 

HHS release

Read the proposed rule here
