The CAP supports proposed cybersecurity protections for patients, while also encouraging a federal health agency to avoid unintended consequences of new regulation.
The Department of Health and Human Services (HHS), through its Office for Civil Rights (OCR), published a proposed rule to improve cybersecurity and better protect the US health care system from a growing number of cyberattacks. In response to the proposed rulemaking, the CAP suggested implementing a risk-based approach to standardized federal cybersecurity procedures to protect sensitive patient data.
If finalized, the rulemaking would modify the Health Insurance Portability and Accountability Act of 1996 (HIPAA) requirements for health plans, health care clearinghouses (an organization that enables the exchange of health care data between a provider and a payer, and most health care providers and their business associates, to strengthen cybersecurity protections for individuals’ protected health information.
Additional information is available online.