In this Healthcare Innovation article, Marci Rozen discusses the anticipated updates to the HIPAA Security Rule (the first security rule changes since 2013) and what healthcare organizations should expect as the rule moves toward finalization.
Marci noted that the sweeping advances in technology and the evolving security threat landscape since 2013 make these updates long overdue, adding that network segmentation may be the most significant change, for business associates in particular.
In terms of enforcement, Marci explained that the HHS Office for Civil Rights will likely take a reactive approach, pursuing action not only for breaches themselves but also for underlying security compliance failures that may have contributed to them.
“I think it’s a great idea for all companies, whether entities or business associates, to audit their compliance,” Marci said. “Have a check-in with your security team to make sure that they know that this is happening.”