After yet another record year for health data breaches, updated federal security rules to protect patient information are on the table in 2025. Patients and providers have long complained that HIPAA, or the Health Insurance Portability and Accountability Act, is ill-suited to protect patients’ sensitive health data in the digital age — and in January, the Department of Health and Human Services proposed updated regulations to protect against the growing threat of cyberattacks.
But in thousands of public comments, health systems and providers have pushed back aggressively against the suggested changes to the security rule. Increased privacy protections, in their view, would impact the financial viability of medical practices — especially small ones — and even timely patient care.
“It’s frankly a blizzard of very technical requirements, which I think would understandably be intimidating and frightening to anything but the largest health care systems,” said David Blumenthal, who was national coordinator for health information technology under the Obama administration, of the proposed HIPAA security rule. “It does raise significant issues about whether small practices and small institutions can effectively protect patient privacy in the new age we’re living in.”
This article is exclusive to STAT+ subscribers
Unlock this article — and get additional analysis of the technologies disrupting health care — by subscribing to STAT+.
Already have an account? Log in
To read the rest of this story subscribe to STAT+.
