The outlook for HIPAA and cybersecurity enforcement under new HHS Secretary Tom Price

HHS Secretary Tom Price has criticized burdensome federal regulations before; will HIPAA and the HITECH Act face the same scrutiny?

Newly confirmed Department of Health and Human Services (HHS) Secretary Tom Price is no fan of federal regulations, leaving providers and cybersecurity leaders wondering how his views will translate to HIPAA and cybersecurity enforcement.

Price has already expressed distaste for Meaningful Use requirements, arguing that they have turned physicians into “data entry clerks,” but he concedes that EHRs are “important from an innovation standpoint.”

Although he has not voiced his position on HIPAA regulations, as an advocate for reducing burdensome regulations for physicians, Price may be skeptical of stringent HIPAA requirements, Adam Greene, an attorney with Davis Wright Tremaine, told GovInfoSecurity.

Others questioned how HIPAA enforcement would proceed under a Price-appointed director of the Office of Civil Rights following previous OCR leadership that issued a record number of HIPAA settlements in 2016.

Price could ease the requirements under HIPAA, although paring back cybersecurity requirements could also translate to more data breaches, according to HIPAA Journal. Any update to the law that adds new security requirements could also be subject to President Trump’s “two-for-one” regulation order.

Dave Summitt, CISO and director of cybersecurity operations at Moffitt Cancer Center, told GovInfoSecurity that easing cybersecurity regulations embedded in HIPAA and the HITECH Act would have a detrimental impact given the healthcare industry’s subpar approach to cybersecurity.

“Healthcare security professionals have had an uphill battle for several years in helping boards and leaders understand cyber risks, and we've come a long way,” Summitt said of scaled-back security requirements. “I believe this would slow the progress.”
