The U.S. Department of Health and Human Services (HHS) has issued a Notice of Proposed Rulemaking (NPRM) to update the HIPAA Security Rule for the first time in over 20 years, aiming to address evolving cybersecurity threats and data breaches in the healthcare industry. HITRUST welcomes these updates and is committed to supporting healthcare entities in navigating these new compliance requirements.
In our official statement, we highlight how organizations with HITRUST certifications are already well-positioned to meet over 90% of the proposed requirements, thanks to our robust framework and commitment to comprehensive risk management. Our statement also outlines the challenges posed by the NPRM and provides actionable recommendations to ensure that the proposed regulations effectively enhance cybersecurity without introducing unnecessary complexities.
We invite you to explore our full statement to learn more about HITRUST’s perspective on the NPRM, our commitment to supporting the healthcare industry, and our continued efforts to drive meaningful advancements in cybersecurity.