Proposed Updates to HIPAA for IT

As we move out of the first half of 2025, I want to take a moment to provide insight into some potentially significant changes to the HIPAA HITECH regulations on the horizon.

If you have not already read about it in an industry journal or been informed by your compliance officer, the Office for Civil Rights (OCR) issued a notice for proposal at the end of 2024, with a federal register opened for comment on January 6, 2025.

These changes are focused on protecting and securing data in the healthcare environment and contain a lot of necessary updates from the version enacted in 2013. The 125-page federal register explains the rationale for all the proposed changes and cites several real-world examples where a healthcare entity’s lack of technical compliance resulted in a data breach or cybersecurity event.

Once the proposed changes are agreed upon, they will become effective 60 days after publication. Covered entities will be given 180 days to comply with the new standards.

Here is a summary of several of the proposed mandatory items.

  • Written policies for breaches, disaster recovery, IT security, and IT management.
  • Documented audit and review of written policies and procedures every 12 months.
  • Training of staff on cybersecurity and data protection. 
  • Documented asset management and inventory. 
  • Patching and firmware updates for IT hardware and software. 
  • Retirement of unsupported/end-of-life IT equipment. 
  • Encryption of data both at rest and in motion (storing, sending, or receiving).
  • Active monitoring and documented responses to cybersecurity threats and data breaches.
  • Individual user and service identification, tracking, and monitoring of PHI access/use.
  • Two-factor authentication and increased identity security. 

Make sure you reach out to a trusted IT professional to learn more about these upcoming changes and how they could impact your business.

References

Full federal register document: https://www.govinfo.gov/content/pkg/FR-2025-01-06/pdf/2024-30983.pdf

HIPAA Journal article: https://www.hipaajournal.com/hipaa-updates-hipaa-changes/

Reuters article: https://www.reuters.com/legal/litigation/new-legal-developments-herald-big-changes-hipaa-compliance-2025-2025-04-07/