For nearly 30 years, the Health Insurance Portability and Accountability Act (HIPPA) has protected sensitive health information from being disseminated to third parties without the consent of the patient. The right to one’s own medical information is critical, especially in a day and age in which personal information is being monetized by bad actors. This is why it is notable that The Department of Health and Human Services (HHS) has filed proposed modifications to HIPPA in order to strengthen cybersecurity protections. At a time when there is widespread legal ambiguity over what data is HIPPA protected, the HHS is taking steps to ensure patient rights.
Why are there legal questions as to how healthcare organizations can/should share patient data with one another? A federal case, AHA v. Becerra, complicated what pieces of information could be considered patient information. The ruling was not sufficiently clear which has led to confusion and a reluctance for healthcare organizations to act for fear of lawsuits. Furthermore, these concerns come at a time when ransomware is being utilized more than ever to attack these same organizations: nearly 400 attacks have occurred in 2024, and the scope of these breaches is far more significant than in years prior. Not only are healthcare organizations worried about sharing data with one another, they are afraid of losing it to outside parties.
So, although HIPPA changes and updates occur far more than the general public realizes, this update has been sorely needed. The framework for this change was conceptualized with the development of cybersecurity goals for the healthcare sector in mind. At the moment, compliance for these cybersecurity rules will be voluntary; however, the Health and Human Services Department’s Office for Civil Rights (OCR) believes a new update will make some of these requirements mandatory. A senior advisor for the OCR has been quoted as saying there have been “tremendous increases in the use of ransomware and hacking to obtain unauthorized access.” Thankfully, there is also significant attention being paid to this issue by the OCR. We will continue to monitor this story for additional updates.
