The U.S. Division of Well being and Human Companies (HHS) Workplace for Civil Rights has issued a proposed rule to enhance cybersecurity and higher shield the U.S. well being care system from an rising variety of cyberattacks. The AASM submitted feedback on the proposed rule, highlighting two key considerations that should be addressed to make sure the feasibility of those adjustments for suppliers.
Monetary Burden of Implementation
Multi-factor authentication, encryption of all digital protected well being data, and complete threat analyses would require substantial investments in expertise and employees coaching, which can considerably affect suppliers, significantly these in small and rural practices.
Compliance Timeline Challenges
The proposed 180-day compliance timeline from the efficient date of the ultimate rule will probably be extraordinarily troublesome for small and mid-sized practices with restricted data expertise assets. To facilitate a smoother transition, AASM recommends that HHS lengthen the compliance interval or introduce a phased implementation method permitting suppliers to undertake the required safety measures with out disrupting affected person care.
For extra data, learn the HHS reality sheet, “HIPAA Safety Rule Discover of Proposed Rulemaking to Strengthen Cybersecurity for Digital Protected Well being Data.” Members could ship questions concerning the HIPAA safety proposed rule to coding@aasm.org.
