Starting in 2026, HIPAA will require multi-factor authentication (MFA) for all systems accessing electronic protected health information, ending the ‘addressable’ loophole. This shift means healthcare ...

On December 27, 2024, the Department of Health and Human Services (“HHS”) proposed substantial revisions to the 20-year-old HIPAA Security Rule. Comments on the proposal will be due within sixty days ...

As we noted in our previous blog here, on January 6, 2025, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) published a Notice of Proposed Rulemaking (NPRM) ...

The 2026 HIPAA Security Rule overhaul will remove 'addressable' safeguards, requiring all covered entities to implement and verify technical protections such as encryption and multi-factor ...

The HHS Office for Civil Rights proposed a rule on Jan. 6 to update the HIPAA Security Rule, potentially affecting health systems’ security policies and operations. A Feb. 3 blog post by Coronis ...

An unmitigated revamp of healthcare cybersecurity is coming in 2025, and experts warn that the compliance burden for organizations will be steep. Since 2005, healthcare organizations have been subject ...

In recent years, health care organizations and the vendors that support them have been prime targets for cyber attacks. Indeed, just last year, the ransomware attack on the health care clearinghouse ...

The Department of Health and Human Services and the Office for Civil Rights have announced they will be soliciting comments on a proposal to modify the Security Standards for the Protection of ...

We collaborate with the world's leading lawyers to deliver news tailored for you. Sign Up for any (or all) of our 25+ Newsletters. Some states have laws and ethical rules regarding solicitation and ...