You are currently viewing Top 10 takeaways from the new HIPAA security rule NPRM Bradley Arant Boult Cummings LLP
Representation image: This image is an artistic interpretation related to the article theme.

Top 10 takeaways from the new HIPAA security rule NPRM Bradley Arant Boult Cummings LLP

The proposed rule aims to strengthen the security and privacy of electronic protected health information (ePHI) in various settings, including healthcare providers, health plans, and healthcare clearinghouses.

  • *Enhanced security measures*: The proposed rule requires covered entities to implement additional security measures to protect ePHI, such as:
  • Multi-factor authentication for all users
  • Regular security audits and risk assessments
  • Incident response planning and training
  • *Data encryption*: The proposed rule requires covered entities to encrypt ePHI both in transit and at rest, using industry-standard encryption methods.
  • *Access controls*: The proposed rule requires covered entities to implement robust access controls, including:
  • Role-based access controls
  • Segregation of duties
  • Audit logs and monitoring

    • Impact on Healthcare Providers

    The proposed rule will have a significant impact on healthcare providers, who will be required to implement these enhanced cybersecurity measures to protect ePHI.

    The inventory would include information about the physical location of ePHI, the type of ePHI, and the name and contact information of the individual responsible for the ePHI.

  • *The requirement for written inventories of assets*: Regulated entities would be required to maintain written inventories of their ePHI assets, including the physical location, type, and name of the individual responsible for the ePHI.
  • *The need for annual updates*: The inventories and maps would need to be updated at least annually or when certain events occur, such as a change in the physical location of the ePHI or a change in the individual responsible for the ePHI.
  • *The importance of accurate and detailed information*: The inventories would need to include accurate and detailed information about the ePHI, including the type of ePHI, the physical location, and the name and contact information of the individual responsible for the ePHI.Benefits of the NPRM

    • The NPRM proposes several benefits to enhance the security and protection of ePHI.

    Further details on this topic will be provided shortly.

    Leave a Reply