2024 Regulatory Outlook: OCR Plans Revisions to Security, Privacy Rules

By Theresa Defino

Although details are scant and scattered in various federal documents and on websites, a picture is emerging that indicates the health care community could see a proposed regulation revising the Security Rule in September. In addition, a rule finalizing changes proposed to the Privacy Rule in 2021 may be issued before the end of this year.

Some information about plans for the Security Rule is found in a “concept paper” HHS issued on Dec. 6 that outlines its cybersecurity strategy for the health care sector.[1] These include establishing “voluntary” cyber security performance goals (CPGs) the agency said would “help health care institutions plan and prioritize implementation of high-impact cybersecurity practices.”[2] These goals would become somewhat less voluntary over time, as HHS said it also plans to “propose new enforceable cybersecurity standards, informed by the…CPGs, that would be incorporated into existing programs, including Medicare and Medicaid and the HIPAA Security Rules.”

The paper says little about the goals other than that they “will include both ‘essential’ goals to outline minimum foundational practices for cybersecurity performance and ‘enhanced’ goals to encourage adoption of more advanced practices.” Regarding the Security Rule, the paper states that OCR will begin to update the Security Rule “in the spring, to include new cybersecurity requirements.” That’s a more ambitious schedule than indicated by OCR.

OCR dropped some hints about the Security Rule in its section of the federal government’s semiannual regulatory update, the Unified Agenda of Regulatory and Deregulatory Actions. Posted twice yearly in spring and fall, the most recent version was published on the same day as HHS’ concept paper.

This document is only available to subscribers. Please log in or purchase access.
Purchase Login
 


Would you like to read this entire article?

If you already subscribe to this publication, just log in. If not, let us send you an email with a link that will allow you to read the entire article for free. Just complete the following form.

* required field

First name field cannot be blank!
Last name field cannot be blank!
We will send you an email that will give you access to this entire article.
Email field cannot be blank!
Enter a valid email!
Company field cannot be blank!
Enter a valid company!
Title field cannot be blank!

We're committed to your privacy. The Society of Corporate Compliance and Ethics (SCCE) & Health Care Compliance Association (HCCA) uses the information you provide us to contact you about our relevant content, products, and services. For more information, check out our Privacy Policy.


About SCCE

The Society of Corporate Compliance and Ethics (SCCE) is a non-profit, member-based professional association. SCCE supports our members' work with education, news, and discussion forums. We are a community of leaders, defining and shaping the corporate compliance environment across a wide range of industries and geographic regions. In developing and maintaining effective ethics and compliance programs, our members strengthen and protect their companies.

952.933.4977

About HCCA

The Health Care Compliance Association (HCCA), is a 501(c)6 non-profit, member-based professional association. HCCA was established in 1996 and is headquartered in Minneapolis, MN. We provide training, certification, and other resources to over 10,000 members. Our members include compliance officers and staff from a wide range of organizations, including hospitals, research facilities, clinics and technology service providers.

952.988.0141

Facebook Twitter LinkedIn
Copyright © 2024 by Society of Corporate Compliance and Ethics (SCCE) & Health Care Compliance Association (HCCA). No claim to original US Government works. All rights reserved. All information provided through this site, including without limitation all information such as the “look and feel” of the site, data files, graphics, text, photographs, drawings, logos, images, sounds, music, video or audio files on this site, is owned and/or licensed by SCCE & HCCA or its suppliers and is subject to United States and international copyright, trademark and other intellectual property laws. Any third party logos and/or content provided herein is owned by such third parties and is used by permission herein. Your use of this site to is subject to our Terms Of Use and Privacy Statement.
Cookie settings