Quasa
Use QUASA App
Join the pioneer of Web3 crypto freelancing today!
Open
Security and protection

The New HIPAA Bill Aims to Bolster Cybersecurity

|Author: Viacheslav Vasipenok|4 min read| 2417
The New HIPAA Bill Aims to Bolster Cybersecurity

Hello!

The New HIPAA Bill Aims to Bolster CybersecurityBusinesses and providers in the U.S. healthcare industry are finally seeing a positive development in what has long felt like an overwhelming regulatory burden. HIPAA, the Health Insurance Portability and Accountability Act enacted in 1996, remains the cornerstone legislation governing the privacy and security of healthcare information while also supporting continuity of coverage during job transitions.

Despite its foundational importance, the law has struggled to keep pace with today’s rapidly evolving challenges in healthcare data protection.

HIPAA and Cybersecurity

When HIPAA was first introduced, cybersecurity threats were minimal. Today, the healthcare sector faces the highest volume of data breaches across all industries, driven largely by sophisticated cyberattacks.

The New HIPAA Bill Aims to Bolster CybersecurityHIPAA’s compliance requirements are widely viewed as extensive and complex. Each year, numerous covered entities and business associates face penalties for data breaches, many of which originate from cybersecurity incidents. Cyberattacks continue to grow more advanced and harder to prevent, yet HIPAA offers only limited, high-level guidance on security practices rather than concrete requirements.

This has created an uneven landscape where organizations could be penalized for incidents that were difficult to fully mitigate. Cyberattacks have increased by 45% since November 2026.

What Changed?

The New HIPAA Bill Aims to Bolster CybersecurityOn January 5, 2021, President Trump signed the HIPAA Safe Harbor bill (H.R. 7898) into law, amending the HITECH Act. The Department of Health and Human Services (HHS) is now required to recognize and incentivize the adoption of robust, industry-standard security practices.

Covered entities and business associates may qualify for reduced HIPAA fines and penalties if they demonstrate strong security measures. HHS must evaluate an organization’s security practices over the preceding 12 months before determining penalties. Several key provisions stand out:

First, HHS is required to factor cybersecurity measures into fine calculations for security-related incidents, as outlined in cybersecurity measures.

The New HIPAA Bill Aims to Bolster CybersecuritySecond, organizations that meet recognized security best practices may benefit from shorter and less extensive audits.

Third, HHS cannot increase fines or extend audit durations solely because an organization has not fully aligned with recognized security standards.

Recognized security standards include guidelines established under the NIST Act and the Cybersecurity Act of 2015.

This development encourages healthcare providers and business associates to strengthen their investments in HIPAA compliance tools and advanced cybersecurity measures. Assessments now focus on alignment with the HIPAA Security Rule, and organizations are urged to implement documented security action plans following risk assessments.

Healthcare providers must address multiple operational areas to maintain robust protection. Below are practical strategies to enhance cybersecurity posture.

Tips To Improve Cybersecurity in Healthcare

The New HIPAA Bill Aims to Bolster CybersecurityCyberattacks and hacking attempts are becoming increasingly sophisticated. Even organizations following established practices can experience breaches. The following strategies can help healthcare providers and business associates reduce risk:

Fostering a Strong Culture of Security

Effective security practices must be championed by leadership. Treating data protection as a core corporate value, backed by adequate staffing and funding, helps embed security into daily operations.

Securing Mobile Devices

The rise of bring-your-own-device (BYOD) policies, accelerated by the COVID-19 pandemic, has introduced new vulnerabilities. When employees access organizational systems over personal networks, potential entry points for attackers increase. Limiting access to sensitive data, enforcing encryption, and applying additional controls when transmitting PHI on mobile devices are essential safeguards.

Proper Staff Training

The New HIPAA Bill Aims to Bolster CybersecurityCybersecurity education remains limited among many healthcare staff. Incorporating real-world examples of phishing and hacking into HIPAA security training helps employees recognize and promptly report suspicious activity.

Updating Software and Operating Systems

Delayed security patches and software updates leave organizations exposed. New releases often address known vulnerabilities that attackers actively exploit. Keeping systems current ensures access to the latest protective features.

Ensure Compliance and Get Incentives

The New HIPAA Bill Aims to Bolster CybersecurityThe HIPAA Safe Harbor bill is expected to motivate more organizations to adopt stronger cybersecurity practices. Many leading providers now use HIPAA compliance software that streamlines risk assessments and documentation, guiding users through required steps without requiring exhaustive legal study.

Compliance and security reinforce each other. Following the Safe Harbor provisions not only helps mitigate substantial fines but also significantly lowers the risk of damaging cyberattacks and ransomware.

Thank you!
Join us on social networks!
See you!

Share:

Subscribe to our newsletter

Get the latest Web3, AI, and crypto news delivered straight to your inbox.

0