U.S. proposes rules to make medical data more secure

The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) is: Proposal of new cybersecurity requirements For healthcare organizations that aim to protect their patients’ personal data in the event of a cyber-attack: report Reuters. The regulations come after large-scale cyberattacks, such as one that compromised the personal information of more than 100 million UnitedHealth patients earlier this year.

that OCR’s proposal This includes requiring healthcare organizations to mandate multi-factor authentication in most circumstances, segment networks to reduce the risk of intrusions spreading from one system to another, and encrypt patient data so it cannot be accessed even if stolen. It works. It also directs regulated groups to perform certain risk analysis practices, maintain compliance documentation, and more.

This regulation is part of the cybersecurity strategy announced by the Biden administration last year. If confirmed, it would update security rules for the Health Insurance Portability and Accountability Act of 1996 (HIPAA), which regulates doctors, nursing homes, health insurance companies and others, and was last updated in 2013.

U.S. National Security Advisor Anne Neuberger wrote that she estimated the cost of implementing this requirement to be “about $9 billion in the first year and $6 billion over years 2 to 5.” Reuters. The proposal will be published in the Federal Register. January 6thA 60-day public comment period begins before the final rule is set.