.jpg)
STAT+: Health care providers form a united front against stricter patient privacy rules
Health care providers oppose stricter federal patient privacy rules proposed in response to rising cybersecurity threats.
After yet another record year for health data breaches, updated federal security rules to protect patient information are on the table in 2025. Patients and providers have long complained that HIPAA, or the Health Insurance Portability and Accountability Act, is ill-suited to protect patients’ sensitive health data in the digital age — and in January, the Department of Health and Human Services proposed updated regulations to protect against the growing threat of cyberattacks.
But in thousands of public comments, health systems and providers have pushed back aggressively against the suggested changes to the security rule. Increased privacy protections, in their view, would impact the financial viability of medical practices — especially small ones — and even timely patient care.
“It’s frankly a blizzard of very technical requirements, which I think would understandably be intimidating and frightening to anything but the largest health care systems,” said David Blumenthal, who was national coordinator for health information technology under the Obama administration, of the proposed HIPAA security rule. “It does raise significant issues about whether small practices and small institutions can effectively protect patient privacy in the new age we’re living in.”
