
Why It’s Time To Update The HIPAA Security Rule


HIPAA is a federal law enforced by the Office for Civil Rights of the U.S. Department of Health and Human Services (HHS). The idea behind it was to protect the privacy and security of health data. The law was passed in 1996 and reflects the technology of that time. It was finalized in 2003 to establish national standards for physical, administrative, and technical safeguards for the safety and confidentiality of the information.

The HIPAA Security Rule requires physicians to protect a patient’s electronically stored protected health information (ePHI). With the rapid evolution of technology, a vast number of cyber threats have emerged. The Security Rule mentions the device and media controls that existed when the rule was framed. These policies and procedures, however, have largely not kept up with technological change and therefore fail to meet their purpose.

Addressed terms that have turned vague with time

The HIPAA Security Rule addresses “device and media controls” but does not mention anything about mobile devices or electronic systems. Over time, mobile phones and other devices have come into view and have become a part of our daily lives. The types of cyber threats and security breaches have entirely changed with time, and these are not mentioned in the rule.

It mentions login monitoring, while entire systems and sub-systems have moved to a client-server base. That was suitable for a time when systems required mainframes, but it is now irrelevant. Similarly, it mandates integrity controls in an era of reliable transmission protocols. None of these terms fits the current scenario, which makes the policies unclear and irrelevant.


The HIPAA security rule needs to recognize modern technology and best practices.

The HIPAA Security Rule only covers electronic PHI rather than the modern tools and devices that are widely in use these days. The world today is switching to newer and more advanced technologies, such as cloud-based and client-server-based technologies, and new threats are emerging each day. Therefore, HIPAA must update its rule from time to time to keep pace with technological advancements. It should address the cyber threats and security issues that currently dominate and wreak havoc in the industry.

The HIPAA security rule should be made flexible and adaptable to meet the purpose it was initially framed for. It must recognize the best practices for HIPAA security, such as:

These can help meet the required security procedures and implement a secure, compatible, and updated Security Rule.


HIPAA security rule needs clarity about risk analysis, policies, and incidents

While the current HIPAA Security Rule is vague and irrelevant in particular areas, it also requires proper clarification in risk analysis, policies, and incidents. Applying security controls that meet modern requirements, and addressing them clearly, can help make it better.

Risk Analysis: Because “risk analysis” coexists with the “risk assessment” mentioned by NIST, there is constant confusion regarding this term. Therefore, the HIPAA Security Rule should state clearly the number of analyses and tests that should be conducted on the systems and structures where ePHI data is stored.

Policies: This term has different interpretations. Many understand policies as mere documents defining management’s demands to technical settings or controls. Thus, the HIPAA Security Rule needs to identify the relevant definition, or an Active Directory, to make it more transparent and more predictable.

Incidents: The HIPAA Security Rule addresses events and requirements that were applicable and necessary during 1998. It needs to be upgraded and be realistic enough to meet current demands. Therefore, it should be able to determine the occurrence of any phishing or ransomware breach.


Enforcing continuous updates in the Security Rule can help combat the significant security threats dominant in the industry. Refreshing the rule will help serve the purpose it was initially framed for.