
Proposed Changes to the HIPAA Security Rule

Public Policy

Disclaimer: This blog article was written by an AdvancedMD partner. The views and opinions expressed in this article are those of the author(s) and do not necessarily reflect the official policy or position of AdvancedMD.

The U.S. Department of Health and Human Services (HHS) has proposed significant updates to the Health Insurance Portability and Accountability Act (HIPAA) Security Rule to enhance the protection of electronic protected health information (ePHI) amid rising cyber threats.

Key Proposed Changes:

  • Elimination of “Required” and “Addressable” Specifications: The proposal removes the distinction between “required” and “addressable” implementation specifications, mandating that all safeguards be implemented as specified.
  • Enhanced Business Associate Agreements: Covered entities would need to update agreements to require business associates to notify them within 24 hours of activating contingency plans and to provide annual written analyses and certifications of compliance with technical safeguards.
  • Regular Policy Reviews: Entities must maintain written policies and procedures, conducting regular reviews, testing, and updates to ensure ongoing effectiveness.
  • Alignment with Cybersecurity Best Practices: The rule aims to align with modern cybersecurity frameworks, such as the NIST Cybersecurity Framework, to address current and emerging threats.

How do these proposed changes impact your practice?

If you use the TLD Systems HIPAA Security Tool, the impact will be relatively low. TLD Systems already collects information on all required and addressable specifications and provides you with recommendations to be compliant with all specifications.

TLD Systems just updated the Business Associate Agreements to accommodate the new rules related to reproductive health. TLD Systems will be updating these documents to include a clause for notification upon activation of contingency plans. You will receive alerts to execute updated Business Associate Agreements once TLD Systems has implemented these upgrades.

TLD Systems already reaches out to you annually to have you review your policies and procedures. TLD Systems will continue to support you in this manner.

Our tool is already aligned with Cybersecurity Best Practices. All of the technical items discussed in the proposed changes are already part of our HIPAA Risk Analysis tool and Risk Mitigation tool.

If you are not already utilizing TLD Systems to support your HIPAA compliance, now is the time to start. Get your practice on track to be prepared for a HIPAA audit today.

https://www.tldsystems.com
phone: (631) 403 6687
email:  [email protected]



Michael Brody, DPM
Dr. Brody has been actively involved in computers and medicine since the 1980s. He is a Residency Director at a VA hospital located in Long Island, NY. Notably, he was present as the VA moved from paper records to computerized records. During this time, he was exposed to the stringent rules and regulations that government employees must adhere to when protecting patient information. He co-founded TLD Systems with Warren Melnick to create a platform that gives doctors who wish to work in private practice a cost-effective method of implementing HIPAA compliance in a manner that does not interfere with their ability to practice medicine. He has served on the Health Information Technology Standards Panel (HITSP), the Standards and Interoperability Framework (S&I), as a member of the Ambulatory Care Committee at the Certification Commission on Health Information Technology (CCHIT), and numerous other organizations. He is currently a member of the Physicians Committee at the Healthcare Information and Management Systems Society (HIMSS) and a co-chair of the EHR workgroup at Health Level Seven International (HL7).
