New HIPAA Cybersecurity Rule could be costly for EMS providers

The recent posting of a proposed Health Insurance Portability and Accountability Act Security Rule to Strengthen the Cybersecurity of Electronic Protected Health Information for public comment is open until March 7, 2025.

The modifications to the HIPAA Security Rule to Strengthen the Cybersecurity of ePHI could have a

significant financial impact on EMS providers since most do not have dedicated information technology (IT) on staff to provide guidance, and ongoing support for the proposed requirements. Most EMS organizations will need to contract third parties for the needed expertise and have ongoing obligations to demonstrate compliance.

EMS providers are encouraged to comment on the proposed regulations.