As the leading services provider of cybersecurity for small healthcare providers, OrbitalFire is closely monitoring the evolving regulations around HIPAA and HITECH.

The Department of Health and Human Services (HHS) has proposed updates to the HIPAA Security Rule under HIPAA and HITECH aimed at strengthening the protection of electronic protected health information (ePHI). Click Here to View The Proposed Rule.

The proposed modifications, part of a Notice of Proposed Rulemaking (NPRM), would revise existing against evolving cybersecurity risks, increased breaches, and deficiencies identified in compliance investigations. The proposed modifications would:

1. Adapt to changes in the healthcare environment.
2. Respond to significant increases in cyberattacks and breaches.
3. Address common compliance issues observed in regulated entities (covered entities and business associates).
4. Align with modern cybersecurity best practices and methodologies.
5. Reflect recent court decisions impacting enforcement of the Security Rule.

These updates are intended to enhance the confidentiality, integrity, and availability of ePHI, ensuring it is better protected against evolving threats.

This proposed rule is currently in a comment period through 3/7/2025, which we estimate means we are about a year or more away from any kind of enforcement of the proposed changes.

As we know more and get closer to a final amendment, we will update all OrbitalFire customers regarding potential impact.

Questions on proposed changes or how to comply with current HIPAA and HITECH regulations? OrbitalFire customers can contact support@orbitalfire.com.

Click Here for more on OrbitalFire’s compliance and other comprehensive cybersecurity services.