HIPAA Security Rule Update: 72-Hour Data Resurrection or Bust!
The HHS OCR is proposing updates to the HIPAA Security Rule to enhance cybersecurity for electronic protected health information (ePHI). The proposed changes would require critical systems to be restored within 72 hours, bolster contingency planning, and improve incident response. This is part of an effort to align with the Biden Administration’s National Cybersecurity Strategy.

Hot Take:
Well, folks, it looks like the HHS OCR has finally decided that the old HIPAA Security Rule was about as effective as a chocolate teapot. Now, they’re bringing out the big guns to ensure our health data is safer than your grandma’s secret cookie recipe. With a 72-hour system restoration deadline, they clearly want healthcare entities to channel their inner superhero and save the day faster than you can say “ePHI”.
Key Points:
- HHS OCR proposed updates to the HIPAA Security Rule to enhance cybersecurity for ePHI.
- Mandatory implementation specifications include ePHI encryption and multi-factor authentication.
- Proposals require restoration of critical systems within 72 hours and prompt notifications for access changes.
- Entities must conduct compliance audits every 12 months and involve business associates in ePHI safeguard verification.
- Public comments on the proposed updates are due 60 days after publication in the Federal Register.