HIPAA Security Proposed Rule: An In-Depth Analysis of Key Changes

• February 07, 2025

• Elimu Kajunju
• Michael Hamilton

On December 27, 2024, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) issued a Notice of Proposed Rulemaking to modify the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule (Security Rule). The proposed HIPAA Security Rule (Proposed Rule) represents a major revamp to the Security Rule, bringing it closer to some of the most prescriptive security standards, such as Payment Card Industry Data Security Standard (PCI DSS) and FedRAMP. OCR states the goal of the Proposed Rule is to improve cybersecurity measures and to address changes in the health care environment and common deficiencies in compliance identified in investigations of covered entities and their business associates. Comments on the Proposed Rule are open until March 7, 2025.

ARTICLE TAGS

• Health Information