Jan. 15, 2025
The U.S. Department of Health and Human Services (HHS) Office of Civil Rights (OCR) published a proposed rule in the Jan. 6 Federal Register to substantially increase the stringency of the cybersecurity requirements for regulated entities in the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule.

The intent of the proposed rule is to address prevalent cyberattack threats to electronic protected health information (ePHI) by proposing changes to various risk analyses, review, documentation, and other practices. Compliance costs for these proposals are estimated by OCR to be significant. However, the incoming administration signaled its intent to review many of the transition period’s major rules and proposals.

The American College of Radiology® (ACR®) is reviewing and communicating closely with other national physician organizations. To provide input for inclusion in future ACR comments, contact Michael Peters, ACR Senior Director, Government Affairs.

Related ACR News

  • State Legislation Update

    ACR tracks hundreds of healthcare-related bills each state legislative cycle.

    Read more
  • CDC Alert: Use Only Sterile Ultrasound Gel for Percutaneous Procedures

    The Centers for Disease Control and Prevention (CDC) alerted healthcare facilities about non-sterile ultrasound gel products.

    Read more
  • House Committee Includes Medicare Payment Reform in Budget Bill

    The U.S. House Committee on Energy and Commerce reported its section of the federal budget reconciliation bill out of committee.

    Read more