Proposed HIPAA Security Rule Updates Would Mandate 72-Hour Data Restoration and Annual Compliance Audits
The U.S. Department of Health and Human Services (HHS) has proposed updates to the Health Insurance Portability and Accountability Act (HIPAA) Security Rule to strengthen the cybersecurity of electronic protected health information (ePHI) held by healthcare organizations. The changes are a proposal, not yet a final rule.
These proposed changes include:
72-Hour Data Restoration: Covered entities and their business associates must have documented procedures to restore lost ePHI and the relevant electronic information systems within 72 hours of a cyber incident.
Annual Compliance Audits: Organizations must audit their own compliance with the Security Rule at least once every 12 months.
Encryption and Multi-Factor Authentication: ePHI must be encrypted both at rest and in transit, and multi-factor authentication must be enforced for access to systems that hold ePHI, in each case with only limited, specifically enumerated exceptions.
Regular Security Assessments: Vulnerability scans at least every six months and penetration testing at least once every 12 months, with identified weaknesses remediated.
For the average person, these proposed rules aim to:
Enhance Data Security: Strengthen the protection of personal health information against cyber threats.
Ensure Rapid Recovery: Require that healthcare providers can restore data and systems within a defined window after an incident, minimizing disruptions to patient care.
Increase Trust: Build confidence that healthcare organizations are proactively safeguarding sensitive health information.