Proposed Changes to the HIPAA Security Rule
The U.S. Department of Health and Human Services (HHS) has proposed significant updates to the Health Insurance Portability and Accountability Act (HIPAA) Security Rule to enhance the protection of electronic protected health information (ePHI) amid rising cyber threats. Link: HIPAA Security Rule Notice of Proposed Rulemaking to Strengthen Cybersecurity for Electronic Protected Health Information | HHS.gov
Key Proposed Changes:
- Elimination of "Required" and "Addressable" Specifications: The proposal removes the distinction between "required" and "addressable" implementation specifications, mandating that all safeguards be implemented as specified.
- Enhanced Business Associate Agreements: Covered entities would need to update agreements to require business associates to notify them within 24 hours of activating contingency plans and to provide annual written analyses and certifications of compliance with technical safeguards.
- Regular Policy Reviews: Entities must maintain written policies and procedures, conducting regular reviews, testing, and updates to ensure ongoing effectiveness.
- Alignment with Cybersecurity Best Practices: The rule aims to align with modern cybersecurity frameworks, such as the NIST Cybersecurity Framework, to address current and emerging threats.
How do these proposed changes impact your practice?
If you use the TLD Systems HIPAA Security Tool, the impact will be relatively low. We already collect information on all Required and Addressable specifications and provide you with recommendations to be compliant with all specifications.
We have just updated our Business Associate Agreements to accommodate the new rules related to reproductive health, and we will be updating these documents to include a clause for notification upon activation of contingency plans. You will receive alerts to execute updated Business Associate Agreements once we have implemented these upgrades.
We already reach out to you annually to have you review your policies and procedures. We will continue to support you in this manner.
Our tool is already aligned with Cybersecurity Best Practices. All of the technical items discussed in the proposed changes are already part of our HIPAA Risk Analysis tool and Risk Mitigation tool.
If you are not already utilizing TLD Systems to support your HIPAA compliance, now is the time to start. Get your practice on track to be prepared for a HIPAA audit today.
Contact TLD Systems at
(631) 403 6687