Jan. 15, 2025
The U.S. Department of Health and Human Services (HHS) Office of Civil Rights (OCR) published a proposed rule in the Jan. 6 Federal Register to substantially increase the stringency of the cybersecurity requirements for regulated entities in the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule.

The intent of the proposed rule is to address prevalent cyberattack threats to electronic protected health information (ePHI) by proposing changes to various risk analyses, review, documentation, and other practices. Compliance costs for these proposals are estimated by OCR to be significant. However, the incoming administration signaled its intent to review many of the transition period’s major rules and proposals.

The American College of Radiology® (ACR®) is reviewing and communicating closely with other national physician organizations. To provide input for inclusion in future ACR comments, contact Michael Peters, ACR Senior Director, Government Affairs.

Related ACR News

  • Supreme Court Upholds Preventive Services Coverage

    ACR commends the Supreme Court’s ruling affirming the constitutionality of the structure and appointment process of the U.S. Preventive Services Task Force.

    Read more
  • ACR Drives Urgency For Medicare Pay Fix in Senate Bill

    ACR highlighted the urgent need for a permanent Medicare physician pay fix in a June 23 letter to U.S. Senate leaders.

    Read more
  • ACR Urges Senate to Reconsider Student Loan Program Changes

    ACR and other medical groups cautioned that the student loan provisions would make medical and dental education less accessible to many qualified individuals.

    Read more