White House Reviews Proposed Cybersecurity Enhancements to HIPAA

The Office of Management and Budget (OMB) is currently reviewing proposed updates to the HIPAA Security Rule, submitted by the Department of Health and Human Services (HHS), aimed at modernizing cybersecurity requirements for healthcare providers. The revisions focus on bolstering protections for ePHI to address rising ransomware attacks and unauthorized access, with publication of the proposed rule expected by year’s end.

These modifications would amend the Security Standards under HIPAA and the Health Information Technology for Economic and Clinical Health (HITECH) Act. According to Marissa Gordon Nguyen, a senior advisor at the Office of Civil Rights, advancements in record-keeping technology and the increased costs of security measures make these updates crucial for today’s cybersecurity landscape. NIST also revised its healthcare cybersecurity guidance two years ago to align with evolving threats.

This update arrives amid ongoing legal ambiguity regarding HIPAA’s scope, particularly concerning data use by tracking tools, IP addresses, and other patient data shared on unauthenticated websites. HIPAA-covered entities continue to face compliance challenges, especially in addressing privacy concerns following high-profile cases such as AHA v. Becerra, which reshaped the enforcement landscape.