On December 27, the US Department of Health and Human Services (HHS), through its Office for Civil Rights (OCR), issued a proposed rule to improve cybersecurity and better protect the US healthcare system from a growing number of cyberattacks. The proposed rule would modify the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule to require health plans, healthcare clearinghouses (an organization that enables the exchange of healthcare data between a provider and a payer (insurance company)), and most healthcare providers, and their business associates, to strengthen cybersecurity protections for individuals’ protected health information. This proposed rule is the latest step taken by OCR to address more frequent cyberattacks targeting the US healthcare system, consistent with the HHS Healthcare and Public Health critical infrastructure sector Cybersecurity Performance Goals.
