In this week’s series, we take a look at the new HIPAA Security Rules proposed by HHS and Expanded Medicare Telehealth. Here’s what you need to know:
Proposed New HIPAA Security Rules
- Regulatory Update: The U.S. Department of Health and Human Services (HHS) proposed new regulations to strengthen cybersecurity for electronic protected health information (ePHI), marking the first update since 2013.
- Motivations: Updates address the rise in cyberattacks, evolving healthcare technologies (AI, virtual/augmented reality), and misunderstandings or failures in current HIPAA (Health Insurance Portability and Accountability Act) Security Rule compliance.
- Publication: The proposed rule will be published for public comment on January 6, 2025, with a draft available now (390 pages).
- Focus Areas: Changes target better security measures, clearer compliance guidelines, and alignment with modern healthcare practices and data use.
Read more, here.
Expanded Medicare Telehealth
- Extension of Waivers: The “American Relief Act, 2025” extends certain Medicare telehealth flexibilities through March 31, 2025, including:
- Removal of geographic restrictions and expanded originating sites.
- Broader eligible practitioner list (e.g., therapists, audiologists, mental health counselors).
- Federally qualified health centers and rural clinics serving as distant-site providers.
- Payment for audio-only telehealth services.
- Behavioral health telehealth waivers, delaying in-person visit requirements.
- Expired Waivers: Certain telehealth benefits ended on December 31, 2024, such as Medicare coverage for cardiac/pulmonary rehab via telehealth and HDHP pre-deductible coverage for telehealth.
- Legislative Context: Extensions tie to the Continuing Resolution, highlighting temporary funding and program provisions through early 2025.
Read more, here.
Explore our Resources and Blog for more content.
