Overview of OCR NPRM reshaping HIPAA Security Rule, timelines, and the move to demonstrable, evidence-based controls.

On December 27, 2024, the Department of Health and Human Services (“HHS”) proposed substantial revisions to the 20-year-old HIPAA Security Rule. Comments on the proposal will be due within sixty days ...

As we noted in our previous blog here, on January 6, 2025, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) published a Notice of Proposed Rulemaking (NPRM) ...

In recent years, health care organizations and the vendors that support them have been prime targets for cyber attacks. Indeed, just last year, the ransomware attack on the health care clearinghouse ...

An unmitigated revamp of healthcare cybersecurity is coming in 2025, and experts warn that the compliance burden for organizations will be steep. Since 2005, healthcare organizations have been subject ...

The HHS Office for Civil Rights proposed a rule on Jan. 6 to update the HIPAA Security Rule, potentially affecting health systems’ security policies and operations. A Feb. 3 blog post by Coronis ...

The Department of Health and Human Services and the Office for Civil Rights have announced they will be soliciting comments on a proposal to modify the Security Standards for the Protection of ...

Editor’s note: Steven W. Teppler is a partner and chair of the Cybersecurity and Data Privacy practice group at Mandelbaum Barrett PC in Roseland, New Jersey. Carly ...

The healthcare landscape is undergoing a seismic shift in 2026 as the new HIPAA Security Rule eliminates the 'addressable' loophole for Multi-Factor Authentication (MFA), forcing every major portal to ...