Jan. 15, 2025
The U.S. Department of Health and Human Services (HHS) Office of Civil Rights (OCR) published a proposed rule in the Jan. 6 Federal Register to substantially increase the stringency of the cybersecurity requirements for regulated entities in the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule.

The intent of the proposed rule is to address prevalent cyberattack threats to electronic protected health information (ePHI) by proposing changes to various risk analyses, review, documentation, and other practices. Compliance costs for these proposals are estimated by OCR to be significant. However, the incoming administration signaled its intent to review many of the transition period’s major rules and proposals.

The American College of Radiology® (ACR®) is reviewing and communicating closely with other national physician organizations. To provide input for inclusion in future ACR comments, contact Michael Peters, ACR Senior Director, Government Affairs.

Related ACR News

  • CMS Updates ICD-10 Codes for Radiology NCDs

    Change Request 14194 details ICD-10 coding revisions for mammograms, PET for oncologic conditions and percutaneous image-guided breast biopsy.

    Read more
  • House Spending Bill Maintains NIH Funding Levels

    The House FY2026 spending bill maintains NIH funding at $48B, rejecting proposed cuts; ACR continues advocacy for medical research as a national priority.

    Read more
  • Feds Propose Revising Small Business Size Standards

    The SBA released a proposed rule to revise the monetary-based small business size standards for 263 industries, including diagnostic imaging centers.

    Read more