HIPAA Compliance and Increased Cyber Threats: Proposed HIPAA Security Rule Changes, Agency Guidance, Enforcement Action

A live 90-minute CLE video webinar with interactive Q&A

This program is included with the Strafford CLE Pass.
This program is included with the Strafford All-Access Pass.

Wednesday, March 5, 2025

1:00pm-2:30pm EST, 10:00am-11:30am PST

Early Registration Discount Deadline, Friday, February 7, 2025

This CLE webinar will examine the challenges in HIPAA Security Rule compliance in an age of ever-increasing ransomware and cyberattacks. The panel will review the HIPAA Security Rule requirements and proposed amendments to the Rule, additional HHS agency guidance, and notable recent OCR settlements. The panel will offer best practices for cybersecurity compliance while mitigating the risk of HIPAA violations and enforcement action.

Description

The healthcare industry continues to experience a significant rise in cyberattacks. In support of its recent release of the proposed revisions to the HIPAA Security Rule, OCR states that the number of people affected by cyberattacks every year "has skyrocketed exponentially." Since 2019, large breaches caused by hacking and ransomware have increased 89 percent and 102 percent, respectively. Despite years of HHS guidance and the agency's recent adoption of Cybersecurity Performance Goals, HHS felt it necessary to establish much of its prior guidance as regulatory requirements through the notice of proposed rulemaking released Dec. 27, 2024.

In a number of notable recent settlements, healthcare providers who were victims of ransomware attacks subsequently suffered hefty penalties for potential HIPAA violations as a result of OCR investigations triggered by the attacks. In addition to OCR enforcement, cyberattacks may trigger additional enforcement action by state Attorneys General and the expense of civil litigation. Finally, as part of its HITECH obligations, OCR announced initiation of its 2025 HIPAA Audit program targeting HIPAA Security Rule provisions.

Therefore, HIPAA covered entities and business associates should be up to date on HIPAA requirements impacting cybersecurity, including HHS' recently issued proposed changes to the HIPAA Security Rule and the latest agency guidance (e.g., HHS' and NIST's joint Cybersecurity Resource Guide and NIST's Cybersecurity Framework) to manage cybersecurity risks, remain compliant, and mitigate the risk of enforcement action.

Listen as our expert panel examines HIPAA compliance in the age of increased cyber threats. The panel will provide an overview of HIPAA requirements and the proposed HIPAA Security Rule revisions as well as the latest agency guidance. The panel will discuss lessons to be learned from notable recent settlements and offer best practices for mitigating the risk of cyber threats and possible subsequent enforcement actions.

Outline

  1. Introduction
    1. Ransomware and other cybersecurity threats to patient data privacy
  2. Proposed HIPAA Security Rule changes
    1. HHS proposed revisions to the HIPAA Security Rule
  3. Additional agency guidance for HIPAA cybersecurity compliance
    1. HHS' and NIST's joint Cybersecurity Resource Guide
    2. NIST's Cybersecurity Framework
  4. Lessons learned from recent settlements
  5. Preparation for OCR Security Audits
  6. Best practices for managing cybersecurity risks and mitigating risk of enforcement action

Benefits

The panel will review these and other important considerations:

  • What challenges face healthcare counsel and their clients in managing cyber threats and maintaining data privacy?
  • How may the proposed HIPAA Security Rule revisions impact the development and implementation of cybersecurity compliance programs?
  • In addition to HIPAA requirements, what additional agency guidance should counsel and their clients be aware of when developing compliance programs?
  • What are best practices for cybersecurity compliance and mitigating the risk of enforcement action by OCR and others in the event of a data breach?

Faculty

Beth Neal Pitman

Partner
Holland & Knight

Ms. Pitman advises healthcare systems and providers and healthcare information technology (IT) businesses when...

Additional faculty to be announced.

Cannot Attend March 5?

You may pre-order a recording to listen at your convenience. Recordings are available 48 hours after the webinar. Strafford will process CLE credit for one person on each recording. All formats include course handouts.