Jan. 15, 2025
The U.S. Department of Health and Human Services (HHS) Office of Civil Rights (OCR) published a proposed rule in the Jan. 6 Federal Register to substantially increase the stringency of the cybersecurity requirements for regulated entities in the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule.

The intent of the proposed rule is to address prevalent cyberattack threats to electronic protected health information (ePHI) by proposing changes to various risk analyses, review, documentation, and other practices. Compliance costs for these proposals are estimated by OCR to be significant. However, the incoming administration signaled its intent to review many of the transition period’s major rules and proposals.

The American College of Radiology® (ACR®) is reviewing and communicating closely with other national physician organizations. To provide input for inclusion in future ACR comments, contact Michael Peters, ACR Senior Director, Government Affairs.

Related ACR News

  • New Resource Empowers ACR Members to Shape Medicare Policy

    ACR’s CAC Network empowers members to help shape Medicare policy, boost radiology’s voice, and advance patient care through national advocacy.

    Read more
  • ACR Supports Radiation Oncology Case Rate (ROCR) Legislation

    ACR reaffirmed support for ROCR (H.R.2120/S.1031) to protect access to high quality radiation therapy cancer services.

    Read more
  • ACR Proposes Radiology CPT Codes for 2027 Cycle

    ACR submits CPT® code proposals for 2027; AMA decisions expected Oct. 3. 2026 updates available on ACR site and Coding Source.

    Read more