The US proposes rules to make healthcare data more secure

U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) Put forward new network security requirements For healthcare organizations aiming to protect patients’ private data in the event of a cyberattack, Report Reuters. The rules come after major cyberattacks earlier this year, such as one that exposed the private information of more than 100 million UnitedHealthcare patients.

this OCR advice These include requiring healthcare organizations to mandate multi-factor authentication in most cases, segmenting networks to reduce the risk of intrusions spreading from one system to another, and encrypting patient data so that it can be protected even if stolen. Inaccessible. It will also guide regulated groups on certain risk analysis practices, maintenance of compliance documents, etc.

This rule is part of the rule Cyber ​​Security Strategy This was announced by the Biden administration last year. Once finalized, it will update the security rules of the Health Insurance Portability and Accountability Act of 1996 (HIPAA), which regulate doctors, nursing homes, health insurance companies and others and were last updated in 2013.

Deputy National Security Adviser Anne Neuberger wrote that the cost of implementing the requirements “is estimated at $9 billion in the first year and $6 billion in years two through five.” Reuters. The proposal will be published in the Federal Register January 6which will initiate a 60-day public comment period before the final rule is developed.