The US HHS Office for Civil Rights has proposed updates to the HIPAA Security Rule for the first time in 10 years to address the rise in cyberattacks. It proposes more detailed security requirements for covered entities, including mandatory multifactor authentication, regular vulnerability scanning, and comprehensive risk assessments. Once published in the Federal Register, stakeholders will have 60 days to comment on the comprehensive proposal.
HHS Proposes Major HIPAA Cybersecurity Rule Changes
The U.S. Department of Health and Human Services has issued a Notice of Proposed Rulemaking to amend the Health Insurance Portability and Accountability Act’s Security
