Security Ups and Downs
UPπ
Increasing security concerns and threats are behind a proposal from the HHS Office of Civil Rights (OCR) to upgrade the HIPAA security rule βto address modern cybersecurity threats and strengthen protections for electronic protected health information.β Proposed changes include mandatory implementation of all security specifications, maintaining comprehensive documentation, conducting detailed risk analyses, and requiring annual compliance audits. Organizations that are subject to HIPAA would also need to develop inventories of technology assets and network maps, and implement upgraded incident response plans to be able to restore lost systems or data within 72 hours. The proposed rules will be open for public comment shortly after they are published in the Federal Register.
DOWNπ
HHS has implemented a rule blocking doctors from sharing abortion-related patient information with state authorities. This was put in place to prevent states from penalizing doctors who refused to provide abortion-related information with their authorities. Texas brought suit on the grounds that HHS had exceeded their authority, and a district judge agreed to put a hold on the rule while the lawsuit proceeds.