Cybersecurity Awareness Month 2025: The State of Healthcare’s Cybersecurity

By the EHR Association’s Privacy & Security Workgroup

Healthcare cybersecurity risks have surged to unprecedented levels over the 22 years since the HIPAA Security Rule was first implemented—and the 12 years since its last update. 

According to the HIPAA Wall of Shame, of the 614 data breaches reported in 2013, 43% (269) affected the healthcare industry. That was the first year since 2005 that the healthcare sector ranked higher than business in terms of the number of data breaches. At 9 million, healthcare also recorded the second-highest number of affected individuals.


HIPAA Security Rule Part Two: Proposed Changes Require Clarity, Flexibility

By the EHR Association Privacy & Security Workgroup

This three-part blog series shares the EHR Association’s stance on OCR’s proposed changes to the HIPAA Security Rule. Part one focused on our overarching concerns and issues with proposed definitions. Part two focuses on several of the proposed standards.

Our analysis of proposed changes to the existing HIPAA Security Rule, released as HIPAA Security Rule to Strengthen the Cybersecurity of Electronic Protected Health Information, revealed a mixed bag of positive changes and areas of concern. In the first installment of this blog series, we noted the EHR Association’s appreciation for its enhancements to the cybersecurity baseline. However, we expressed concern about the resources and costs required for regulated entities to comply with the overhauled mandates. We also reviewed the feedback we shared with OCR on its proposed changes to key definitions.

In this installment, we highlight our concerns with several of OCR’s proposed expectations, drawing attention to the need for greater clarity and offering recommendations to ease compliance burdens while achieving intended outcomes. 


HIPAA Security Rule Part One: Proposed Overhaul Closes Some Gaps, Opens Others

By the EHR Association Privacy & Security Workgroup

This three-part blog series shares the EHR Association’s stance on OCR’s proposed changes to the HIPAA Security Rule to Strengthen the Cybersecurity of Electronic Protected Health Information. Part one is focused on our overarching concerns and issues with proposed definitions.

Proposed changes to the existing HIPAA Security Rule, released as HIPAA Security Rule to Strengthen the Cybersecurity of Electronic Protected Health Information, include some long-overdue updates. However, the resources and costs required by healthcare provider organizations, health IT developers, and other regulated entities to comply with the sweeping changes will be too great for many to bear.

That was one of several important messages we shared with the HHS Office for Civil Rights (OCR) in our comment letter on the proposed rule
