Big changes are happening with HIPAA in 2025, focusing on protecting reproductive health information and making healthcare data more secure. Here's a breakdown of the latest HIPAA updates from 2024 and early 2025.
HIPAA 2024 updates: new privacy protections for reproductive health information
In April 2024, HHS released a Final Rule aimed at protecting sensitive reproductive health information. This rule stops healthcare providers from using or sharing protected health information (PHI) about lawful reproductive care for investigations or legal actions.
What’s new in HIPAA?
- Restricted PHI disclosures: Healthcare providers can’t share PHI related to lawful reproductive care for legal investigations or similar purposes.
- Signed attestation required: If PHI is requested for oversight, law enforcement, or legal reasons, the requester must sign an attestation confirming the information won’t be misused.
- Privacy policy updates: Providers need to update their Notices of Privacy Practices to include these changes.
However, on December 22, 2024, a federal judge in Texas ruled that the government might have overstepped its authority with this rule. For now, the rule can’t be enforced, due to a federal judge's decision blocking its application in the case involving a Texas doctor.
Learn more about the Final Rule (Federal Register)
Details on the Texas ruling (Reuters)
HIPAA 2025 updates: proposed cybersecurity changes to the HIPAA security rule
On January 6, 2025, HHS proposed new HIPAA rules to strengthen cybersecurity for electronic protected health information (ePHI). These updates are designed to keep healthcare data safe from growing cyber threats.
What’s being proposed in HIPAA?
- Multi-Factor Authentication (MFA): Adding an extra layer of security to make sure only authorized people can access sensitive information.
- Encryption requirements: All ePHI must be encrypted during storage and when being sent over the internet.
- Regular security scans: Organizations will need to perform regular scans to find and fix weaknesses in their systems.
- Network segmentation: Breaking up networks into smaller, more secure sections to minimize damage from potential breaches.
HHS is accepting public feedback on these latest HIPAA update proposals until March 7, 2025. After that, the rules will be finalized, and deadlines for compliance will be announced.
More on the proposed cybersecurity changes (Federal Register)
What this HIPAA news means for your healthcare organization
These new HIPAA updates show how serious HHS is about protecting patient data. For healthcare organizations, it’s time to:
- Review current practices to ensure they align with these latest HIPAA updates.
- Plan for upcoming HIPAA compliance deadlines, especially for cybersecurity improvements.
- Stay informed about legal challenges that might impact how the HIPAA rules are enforced.
By keeping up with these regulatory changes, healthcare providers can protect patient trust and avoid penalties under HIPAA. For all the details, check out the official resources linked above.
Prepare for the latest HIPAA updates and stay ahead of the curve with SFTP To Go—offering secure, encrypted data transfer and storage to meet evolving privacy and cybersecurity requirements.
Download the Complete HIPAA Checklist for 2024/2025 and take the next step towards securing your organization’s future. From staff training, to managing workstations, to breach response—it's got absolutely everything you need to know condensed into a practical and interactive checklist. It’s free, so download it.
Try SFTP To Go for free!