CHICAGO – January 16, 2026 – The HIMSS Electronic Health Record (EHR) Association announced today the results of its annual leadership elections for terms that began Jan. 1, 2026. Leigh Burchell, Vice President of Policy and Government Affairs at Altera Digital Health, will continue as Chair, and Stephanie Jamison, Senior Director of Regulatory and Government Affairs at Greenway Health, continues as Vice Chair.
(more…)All posts tagged Cybersecurity
Electronic Health Record Association Announces its 2026 Leadership Team and Priorities
Posted by EHR Association on January 16, 2026
https://ehrablog.org/2026/01/16/electronic-health-record-association-announces-its-2026-leadership-team-and-priorities/
Cybersecurity Awareness Month: Key Cybersecurity Controls and Practical Challenges
By the EHR Association’s Privacy & Security Workgroup
Health care faces several security risks that make a focus on cybersecurity particularly critical. In particular, the industry is challenged by dual threats: highly valuable patient data (worth more on the black market than financial data at this point) and system interdependencies that directly introduce additional risk. A single cyber incident can disrupt hospital operations, delay treatments, and even jeopardize patient safety.
(more…)Posted by EHR Association on October 28, 2025
https://ehrablog.org/2025/10/28/cybersecurity-awareness-month-key-cybersecurity-controls-and-practical-challenges/
EHRA Statement on 2025 Cybersecurity Awareness Month
October is Cybersecurity Awareness Month. The 2025 theme is “Building a Cyber Strong America,” highlighting the need to strengthen the country’s infrastructure against cyber threats and ensure resilience and security. In recognition of healthcare’s rising threat profile and the urgent need to shore up cybersecurity industry-wide, the EHR Association shares the following statement:
Cybersecurity Awareness Month is an ideal opportunity to highlight the healthcare industry’s unique security risks, in particular the dual threat we collectively face from the highly valuable patient data held in our health IT systems, as well as the critical dependencies that directly impact patient care. Health data is a top target for nefarious actors, and a single cyber incident can cause lasting harm by disrupting operations, delaying treatments, and jeopardizing lives. To reduce the industry’s risk profile, the EHR Association advocates for stronger protections and realistic, risk-based implementations of security safeguards that enhance resilience without overwhelming resource-constrained hospitals, health systems, and other provider organizations.
– EHR Association Privacy & Security Workgroup
Posted by EHR Association on October 1, 2025
https://ehrablog.org/2025/10/01/ehra-statement-on-2025-cybersecurity-awareness-month/
HIPAA Security Rule Part Three: Risk-Based and Industry-Aligned Approaches Recommended
By the EHR Association Privacy & Security Workgroup
This three-part blog series shares the EHR Association’s stance on OCR’s proposed changes to the HIPAA Security Rule. Part one focused on our overarching concerns and issues with proposed definitions. Part two and this installment highlight our concerns with OCR’s proposed expectations.
The HIPAA Security Rule is overdue for modernization, given the rapid pace of technological change and increasing cybersecurity threats. While we support OCR’s intent to strengthen protections for electronic protected health information (ePHI), our analysis of the HIPAA Security Rule to Strengthen the Cybersecurity of Electronic Protected Health Information raised concerns and questions we hope will be addressed before finalization.
(more…)Posted by EHR Association on May 9, 2025
https://ehrablog.org/2025/05/09/hipaa-security-rule-part-three-risk-based-and-industry-aligned-approaches-recommended/
HIPAA Security Rule Part Two: Proposed Changes Require Clarity, Flexibility
By the EHR Association Privacy & Security Workgroup
This three-part blog series shares the EHR Association’s stance on OCR’s proposed changes to the HIPAA Security Rule. Part one focused on our overarching concerns and issues with proposed definitions. Part two focuses on several of the proposed standards.
Our analysis of proposed changes to the existing HIPAA Security Rule, released as HIPAA Security Rule to Strengthen the Cybersecurity of Electronic Protected Health Information, revealed a mixed bag of positive changes and areas of concern. In the first installment of this blog series, we noted the EHR Association’s appreciation for its enhancements to the cybersecurity baseline. However, we expressed concern about the resources and costs required for regulated entities to comply with the overhauled mandates. We also reviewed the feedback we shared with OCR on its proposed changes to key definitions.
In this installment, we highlight our concerns with several of OCR’s proposed expectations, drawing attention to the need for greater clarity and offering recommendations to ease compliance burdens while achieving intended outcomes.
(more…)Posted by EHR Association on April 30, 2025
https://ehrablog.org/2025/04/30/hipaa-security-rule-part-two-proposed-changes-require-clarity-flexibility/
HIPAA Security Rule Part One: Proposed Overhaul Closes Some Gaps, Opens Others
By the EHR Association Privacy & Security Workgroup
This three-part blog series shares the EHR Association’s stance on OCR’s proposed changes to the HIPAA Security Rule to Strengthen the Cybersecurity of Electronic Protected Health Information. Part one is focused on our overarching concerns and issues with proposed definitions.
Proposed changes to the existing HIPAA Security Rule, released as HIPAA Security Rule to Strengthen the Cybersecurity of Electronic Protected Health Information, include some long-overdue updates. However, the resources and costs required by healthcare provider organizations, health IT developers, and other regulated entities to comply with the sweeping changes will be too great for many to bear.
That was one of several important messages we shared with the HHS Office of Civil Rights (OCR) in our comment letter on the proposed rule.
(more…)Posted by EHR Association on April 28, 2025
https://ehrablog.org/2025/04/28/hipaa-security-rule-part-one-proposed-overhaul-closes-some-gaps-opens-others/
EHRA Blog 