Dissecting the 2025 Proposed HIPAA Security Rule: Refresh, Rewrite or Revolution?

In the waning days of 2024 (and the Biden Administration) the HHS Office of Civil Rights announced a new proposed rule that would significantly rewrite the HIPAA Security Rule.  The proposed rule strengthens existing regulations and brings them up to date with modern technologies.  OCR also expressly designed the rule to deal with new threats to cybersecurity in the healthcare industry.

This program will introduce students and participants to the major changes contained in the proposed rule.  This program is suitable for general counsel, privacy officers, and IT professionals with cybersecurity responsibilities within health care providers or health plans.

Learning Objectives: 

1. Prepare listeners to deal with new strengthened risk analysis and assessment requirements, including the required technology asset inventory and network map
2. Identify new requirements for compliance audits
3. Discuss new provisions around emergencies and contingency planning
4. Help listeners understand the removal of the required/addressable distinction, which adds significantly to existing HIPAA requirements
5. Describe new encryption and multi-factor authentication requirements