Government Finally Notices Healthcare Cybersecurity Is Absolutely Terrible
Published Date: 1/6/2025
Proposed Rule
Summary
The government wants to make sure your electronic health info stays super safe from hackers and mistakes. This update affects doctors, hospitals, and anyone handling electronic health records, asking them to boost their cybersecurity game. They’re asking for feedback by March 7, 2025, so get ready for stronger rules that protect your health data without breaking the bank!
Analyzed Economic Effects
3 provisions identified: 0 benefits, 1 cost, 2 mixed.
Encryption of ePHI Becomes Required
The proposal would expressly require regulated entities to implement a mechanism to encrypt electronic protected health information (ePHI), with only limited exceptions. Encryption is currently an “addressable” implementation option under 45 CFR 164.312(a)(2)(iv); the NPRM would remove the need for an entity-specific reasoned analysis in most cases by making encryption a requirement.
Inventory and ePHI Mapping Required
The NPRM would require regulated entities to inventory their technology assets and map how ePHI moves through their information systems so that risk analyses cover the full lifecycle of ePHI. The proposal aims to codify that accurate and thorough risk analysis requires an asset inventory and data-flow/mapping of ePHI locations and movement.
60/180-Day Deadlines and BAA Transition Period
If finalized, the rule’s effective date would be 60 days after publication; regulated entities must comply with new or modified standards no later than 180 days after that effective date. The Department also proposes a transition provision (45 CFR 164.318) to give regulated entities additional time beyond the 180-day compliance period specifically to modify business associate agreements or other written arrangements.