HIPAA Security Rule Updates: What Healthcare Organizations Need to Know

The Department of Health and Human Services is proposing the first major update to the HIPAA Security Rule since 2013. These changes are a direct response to the growing wave of cyber threats targeting healthcare organizations.

The proposal’s key changes include removing the previous distinction between “required’ and “addressable” safeguards, placing a heavier emphasis on documentation, and a focus on modernizing the expected technical safeguards.

While the updates are still in the proposal phase, organizations can prepare now by strengthening risk assessments, locking down technical safeguards, updating incident response plans, and investing in training. Learn more below.

The information provided in this communication is of a general nature and should not be considered professional advice. You should not act upon the information provided without obtaining specific professional advice. The information above is subject to change.