Effects of Cybersecurity on the Health Sector and HIPAA Regulations

As Donald J. Trump gears up for a return to the presidency in January, the healthcare sector is bracing for potential shifts in cybersecurity policies and HIPAA regulations under his next administration. Experts predict little support for the recent changes made by the Biden administration to the HIPAA Privacy Rule, especially those designed to protect reproductive health information following the Supreme Court’s reversal of Roe v. Wade in 2022.

In April, the Department of Health and Human Services (HHS) issued a 291-page ruling to fortify reproductive health privacy, prohibiting the unauthorized use or disclosure of protected health information related to legally sanctioned reproductive healthcare. Legal experts indicate that, while altering existing regulations is complex, the Trump administration may downplay compliance requirements associated with these recent adjustments.

“Although reversing regulations is no simple feat, I anticipate the Trump administration will overlook compliance obligations stemming from Dobbs-related alterations to the Privacy Rule,” commented Kirk Nahra, a privacy attorney at WilmerHale. Conversely, Adam Greene of Davis Wright Tremaine warns that the Trump administration could confront the 2024 Privacy Rule revisions more aggressively, indicating an abandonment of enforcement protocols, particularly in light of ongoing legal challenges in Texas.

The Texas lawsuit initiated by Attorney General Ken Paxton aims to invalidate Biden’s modifications to the HIPAA Privacy Rule to enhance protections for reproductive health data. Greene predicts the Northern District of Texas will likely annul these 2024 amendments, setting the stage for a possible rollback by the new administration.

During his first term, Trump’s administration also proposed updates to the HIPAA Privacy Rule, which were left unresolved as the Biden administration pursued alternative priorities. Attorneys in the field believe that these relatively uncontentious changes may be revisited now that Trump is returning to office, particularly in terms of addressing longstanding issues surrounding opioid disorders.

In enforcement matters, the incoming administration may continue to focus on providing individuals access to their health records, a priority that persisted through both the Trump and Biden administrations. Under Roger Severino’s leadership at HHS OCR, significant strides were made in this area, including the establishment of civil rights-focused enforcement mechanisms.

On the cybersecurity front, regulatory attorney Sara Goldstein notes that despite the shifting political landscape, cybersecurity remains a bipartisan concern. Many predict that the Trump administration could maintain or even escalate efforts to fortify cybersecurity across the healthcare sector, continuing initiatives from the previous term.

The Biden administration had previously outlined plans to strengthen cybersecurity protocols for the healthcare sector, including potentially linking compliance to Medicare reimbursements starting in fiscal 2029. With an anticipated budget of $1.3 billion for cybersecurity enhancements, experts emphasize that any forthcoming cybersecurity mandates from the Trump administration should also include adequate funding support for hospitals.

As the healthcare landscape prepares for these changes, the potential revisions to the long-ignored HIPAA Security Rule are also on the horizon. The Biden administration’s planned updates are currently under review by the White House, and Trump’s administration will have to determine its approach once public feedback is solicited. The response to these expected updates could shape the future of data security in healthcare significantly.