ADA urges HHS to withdraw proposed HIPAA cybersecurity rule
A broad coalition of national health care organizations, including the ADA, sent a joint letter to Health and Human Services Secretary Robert F. Kennedy, Jr., calling on the department to withdraw a proposed update to the HIPAA Security Rule and restart the process with greater collaboration from provider groups.
The Dec. 8 coalition letter was in response to the Notice of Proposed Rulemaking issued by the Health and Human Services’ Office for Civil Rights, titled “HIPAA Security Rule To Strengthen the Cybersecurity of Electronic Protected Health Information.” Originally advanced during the previous administration, the proposal would establish new cybersecurity requirements for regulated health care entities. The coalition said the rule should be immediately withdrawn “without further consideration.”
“We instead encourage HHS to conduct a collaborative outreach initiative with our organizations and other regulated entities that are impacted to develop practical and actionable cybersecurity standards for more robust protections of individuals’ health information, without the extreme and unnecessary regulatory burden that health care providers and other stakeholders would face under the crushing and unprecedented provisions of this Proposed Rule,” the letter said.
The coalition emphasized that it supports strong cybersecurity standards and recognizes the importance of the existing HIPAA framework. However, it said the proposal would create significant new financial burdens for providers and require implementation timelines that do not align with the complexity of today’s health care technology systems.
While urging withdrawal of the proposal, the coalition called for Health and Human Services to partner more closely with providers and other stakeholders to craft cybersecurity standards that improve patient protections while remaining feasible for organizations of varying sizes.
“We urge you to withdraw the Proposed Rule; our organizations stand ready to work with the Trump Administration to ensure that we develop a more innovative approach and address cybersecurity concerns without imposing excessive burdens on the health care sector. We remain deeply committed to enhancing cybersecurity policies collaboratively and thoughtfully,” the coalition concluded.
