Libbie Canter & Elizabeth Brim of Covington and Burling write:
2024 was an incredibly busy year for health privacy. As the year draws to a close and we look ahead to 2025, we share several areas that we are watching in the coming year, which we expect to be similarly busy with federal- and state-level activity:
- Proposed Updates to the HIPAA Security Rule. The U.S. Department of Health and Human Services Office for Civil Rights (HHS OCR) is expected to issue a proposed rule to update the HIPAA Security Rule before the end of 2024. The original Security Rule was finalized approximately 20 years ago, and while HHS OCR has not released substantive details related to the updates to be proposed, it is possible that HHS OCR will propose to substantially change the security obligations of HIPAA-regulated entities.
- State Laws Regulating Consumers’ Health-Related Information. In 2024, Maryland became the fourth state to pass a law regulating consumer health data, following the enactment of laws regulating consumer health data in Washington, Nevada, and Connecticut in 2023. In 2025, additional states are likely to consider bills to regulate consumers’ health-related data. For example, Washington, DC recently introduced and held hearings on the Consumer Health Information Privacy Protection Act of 2024 (CHIPPA), and Michigan also recently introduced a bill to protect the privacy of reproductive health data.
Read the rest of their article at InsidePrivacy.