How HTM Staff Can Prepare for the Proposed HIPAA Security Rule Changes

Health-ISAC Medical Device Security Blog in TechNation

Written by Phil Englert, Health-ISAC VP of Medical Device Security

On December 27, 2024, the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) issued a Notice of Proposed Rulemaking (NPRM) to amend the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule. The goal is to fortify cybersecurity defenses that protect electronic health information (ePHI). This proposed update represents a proactive approach to safeguarding sensitive health information in an era of escalating cyber threats.

The proposed amendments highlight several critical measures to bolster ePHI protection. Some of these rules are process-oriented, and several are technical. Incorporating these proposed changes into the procurement process will help organizations prepare for the changes when they go into effect. Here is a selection specifically pertinent to medical devices.

Continue reading this article in TechNation. Click Here

• Related Resources & News
• President Trump extends national emergency over cyber threats for another year
• 2025 Newsletter- April
• Health-ISAC Hacking Healthcare 3-21-2025
• Potential Terror Threat Targeted at Health Sector – AHA & Health-ISAC Joint Threat Bulletin
• New Cybersecurity Policies Could Protect Patient Health Data
• CyberWire Podcast: PHP flaw sparks global attack wave
• Health-ISAC Hacking Healthcare 3-14-2025
• HSCC Aiming to Identify Healthcare Workflow Chokepoints
• New Healthcare Security Benchmark Highlights Key Investment Priorities and Risks
• Are Efforts to Help Secure Rural Hospitals Doing Any Good?