Proposed Changes to the HIPAA Security Rule
Published: Jan 29, 2025
Last Updated: Feb 5, 2025
Schellman's Danny Manimbo and Healthcare Assessment leader, Ryan Meehan, discuss in under 3 minutes what you need to know about the proposed changes to the HIPAA Security Rule.
In short, the HIPAA Security Rule, first introduced in 1996, is finally getting a much-needed update to address today’s cybersecurity challenges. With healthcare now the top target for ransomware attacks, these changes aim to modernize outdated requirements and enhance data protection.
Key updates include mandatory encryption at rest, stronger disaster recovery and backup security, detailed technology inventories, network segmentation, and regular security assessments like vulnerability scans and penetration tests. Multifactor authentication (MFA) is also becoming a required standard.
These updates are currently in the review phase, with implementation expected in about 18 months. Healthcare organizations should start preparing now by conducting gap assessments, mapping data flows, and securing their systems.
Stay tuned for more insights and practical tips on adapting to these changes.
About RYAN MEEHAN
Ryan is a Senior Manager at Schellman. He has worked in public accounting since 2007 specializing in compliance auditing, including SOC examinations, ISO certifications, and healthcare audits such as HIPAA and HITRUST. Ryan has serviced clients in a multitude of industries including business process outsourcing, financial services, information technology, and healthcare. Ryan holds certifications including the CISSP, CISA, ISO 27001 Lead Auditor, CIPP/US, CCSFP, and the Advanced SOC certification.