HIPAA Cyber Rule Shake-Up Arrives on Eve of Trump's Return

Healthcare privacy attorneys Shannon Hartsfield and Beth Pitman were quoted in a Law360 article discussing a potential change to the Health Insurance Portability and Accountability Act (HIPAA). The current proposal, outlined in a nearly 400-page document by the U.S. Department of Health and Human Services (HHS), would require healthcare providers and insurers to use multifactor authentication and secure patient data with encryption. Ms. Hartsfield said she believes HIPAA should be updated to adapt to developing technology, but the current proposal needs work.

"There is a lot in the proposal that warrants comment and requests for further clarification," she commented.

The plan would also call for annual audits by certain provider business partners and other covered organizations to ensure the covered entity meets technical criteria to properly protect data. Ms. Pitman highlighted this aspect of the proposal as one such area needing further clarification.

"How or if the business associate auditing requirement will expand liability for covered entities is unclear," she explained.

READ: HIPAA Cyber Rule Shake-Up Arrives on Eve of Trump's Return (Subscription required)