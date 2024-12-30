HHS plans to modify HIPAA to better safeguard the healthcare industry from hackers.

The agency issued a proposed rule Dec. 27 with plans to publish more details and open it up to public comments Jan. 6.

In 2023, over 167 million individuals were affected by large healthcare data breaches, a number that is expected to increase in 2024 after the February ransomware attack on claims processor Change Healthcare, the largest healthcare hack in history.

Here are six things the proposed changes to HIPAA would require of healthcare providers:

1. Encrypt electronic protected health information "with limited exceptions."

2. Implement multifactor authentication "with limited exceptions."

3. Deploy antimalware software.

4. Establish written procedures to restore EHR systems and data within 72 hours of a cyberattack.

5. Notify certain regulators within 24 hours when an employee's electronic access to EHR data or systems is changed or terminated.

6. Develop and revise an inventory and network map that illustrates the movement of EHR data through the organization's systems at least once every 12 months.