Jan. 15, 2025
The U.S. Department of Health and Human Services (HHS) Office of Civil Rights (OCR) published a proposed rule in the Jan. 6 Federal Register to substantially increase the stringency of the cybersecurity requirements for regulated entities in the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule.

The intent of the proposed rule is to address prevalent cyberattack threats to electronic protected health information (ePHI) by proposing changes to various risk analyses, review, documentation, and other practices. Compliance costs for these proposals are estimated by OCR to be significant. However, the incoming administration signaled its intent to review many of the transition period’s major rules and proposals.

The American College of Radiology® (ACR®) is reviewing and communicating closely with other national physician organizations. To provide input for inclusion in future ACR comments, contact Michael Peters, ACR Senior Director, Government Affairs.

Related ACR News

  • Bill Introduced to Expand Access to Lung Cancer Screening

    The bill would enable healthcare organizations to purchase new mobile cancer screening units under a program within the HRSA, with an emphasis on lung cancer.

    Read more
  • ACR Urges HHS to Promote Annual Lung Cancer Screenings

    In a recent comment letter, the College presented updated data that highlights the life-saving potential of lung cancer screening.

    Read more
  • FDA Approves Alternative Standard Breast Density Reporting

    The Alternative Standard will allow the physician to provide an overall assessment of breast density with singular phrasing in reports of unilateral mammograms.

    Read more