The U.S. Department of Health and Human Services has issued a Notice of Proposed Rulemaking to amend the Health Insurance Portability and Accountability Act’s Security Rule. The update – the first in over a decade – revises definitions and makes all implementation specifications “required”. It also calls for improved cybersecurity measures, regular asset inventory and risk analysis, written procedures for patch management, and swift notification to relevant bodies upon a security incident. The proposal remains open to public comment.
HIPAA risk analysis gaps lead to 2 HHS enforcement actions
The HHS Office for Civil Rights (OCR) has settled two ransomware investigations involving Elgon Information Systems and Virtual Private Network Solutions, both found to have