Regulatory Updates
Regulatory Updates provide quick access to employee benefit regulations, rulings and other guidance released by governmental agencies in the U.S. and Canada.
New updates to this page may be included in Today’s Headlines which is emailed to International Foundation members each business day. Inquiries regarding these updates should be directed to the Benefits Knowledge Center at the International Foundation at (888) 334-3327, option 5 or [email protected].
Search Regulatory Updates
HHS Proposes Modifying HIPAA Security Rule to Strengthen the Cybersecurity of Electronic PHI; Comments Due March 7
- Modify the HIPAA Security Rule to require health plans, health care clearinghouses, and most health care providers, and their business associates to better protect individuals’ electronic PHI against both external and internal threats;
- Clarify and provide more specific instruction about what covered entities and their business associates must do to protect the security of electronic PHI;
- Require that policies and procedures be in writing, reviewed, tested, and updated on a regular basis; and
- Better align the Security Rule with modern best practices in cybersecurity.
- Changes in the environment in which health care is provided;
- Significant increases in breaches and cyberattacks;
- Common deficiencies OCR has observed in investigations into Security Rule compliance by covered entities and their business associates;
- Other cybersecurity guidelines, best practices, methodologies, procedures, and processes; and
- Court decisions that affect enforcement of the Security Rule.