Provider Organizations Urge Withdrawal of Proposed HIPAA Security Rule Update
Overview of the Proposed Update
More than 100 provider organizations are calling on the Trump administration to retract a proposed update to the HIPAA security rule aimed at strengthening healthcare cybersecurity. The update, first introduced under the Biden administration in 2024, would require covered organizations and their business associates to maintain written security policies and to regularly review, test, and update them.
Concerns Raised by Provider Groups
In a recent letter addressed to HHS Secretary Robert F. Kennedy Jr., the provider groups argue that the proposed regulation would impose “substantial new financial burdens” and set “unreasonable implementation timelines.” The letter stresses the regulatory burden the rule would bring if it is not withdrawn.
Alignment with Deregulatory Efforts
The letter, spearheaded by the College of Healthcare Information Management Executives and endorsed by entities such as Advocate Health, Yale New Haven Health System, and the American Medical Association, points out that the HIPAA proposal contradicts the Trump administration’s deregulatory agenda. Since taking office, Trump has aimed to halt Biden-era regulations while limiting new rule creation to reduce industry red tape. However, the proposed HIPAA update remains in consideration, raising concerns among provider groups regarding compliance requirements.
Organizations would need to adhere to many of the new regulations within 180 days of the rule’s finalization. In light of this, the providers are advocating for the Trump administration to engage in a “collaborative outreach initiative” to establish more feasible cybersecurity standards.
Support for Flexible Cybersecurity Standards
“We support updating cybersecurity standards for healthcare, and they must be flexible enough to accommodate the wide range of provider organizations,” the letter states. The providers emphasize that standards should enforce strong protections while allowing for innovation, enabling them to address evolving cybersecurity threats effectively.
Significance of the Proposed Updates
This proposed rule would mark the first update to the HIPAA security rule since 2013, according to the Biden administration. Its objective is to clarify and elaborate on the requirements for healthcare organizations and their business associates in safeguarding health data. Key reforms included in the proposal involve the creation of a technology asset inventory and a network map detailing the movement of protected health information, guidelines for conducting risk analyses, and enhanced planning requirements for security incidents.
Impact of Cyberattacks on Healthcare
The necessity for these updates is underscored by the increasing prevalence of cyberattacks in the healthcare sector. Such attacks can disrupt normal operations, hinder access to vital technology, delay patient care, and compel hospitals to reroute emergency cases. A notable incident in early 2024 involved an attack on Change Healthcare, a payment processor and technology firm owned by UnitedHealth, which caused significant turmoil in the industry and resulted in the exposure of data from nearly 193 million individuals—the largest healthcare breach reported to federal regulators.