How HTM Staff Can Prepare for the Proposed HIPAA Security Rule Changes

Health-ISAC Medical Device Security Blog in TechNation

Written by Phil Englert, Health-ISAC VP of Medical Device Security

On December 27, 2024, the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) issued a Notice of Proposed Rulemaking (NPRM) to amend the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule. The goal is to fortify cybersecurity defenses that protect electronic health information (ePHI). This proposed update represents a proactive approach to safeguarding sensitive health information in an era of escalating cyber threats.

The proposed amendments highlight several critical measures to bolster ePHI protection. Some of these rules are process-oriented, and several are technical. Incorporating these proposed changes into the procurement process will help organizations prepare for the changes when they go into effect. Here is a selection specifically pertinent to medical devices.

Continue reading this article in TechNation. Click Here

• Related Resources & News
• New cybersecurity industry coalition aims to lead US critical infrastructure protection
• Healthcare AI Has an Accountability Problem
• Healthcare Is Scaling AI Without the Infrastructure to Manage It
• Are Hospital Attacks ‘Terrorism,’ Patient Deaths ‘Murder’?
• 30 Recent Cyber Attacks & What They Tell Us About the Future of Cybersecurity
• Claude Mythos and its Health Sector Implications
• Health-ISAC Hacking Healthcare 5-11-2026
• A CISO’s Playbook Vol. 2 – 0Auth Token Vulnerability That Caused Salesforce Breach
• Monthly Newsletter – May 2026
• Quarterly Threat Insights – Q1 2026