After yet another record year for health data breaches, updated federal security rules to protect patient information are on the table in 2025. Patients and providers have long complained that HIPAA, or the Health Insurance Portability and Accountability Act, is ill-suited to protect patients' sensitive health data in the digital age — and in January, HHS proposed updated regulations to protect against the growing threat of cyberattacks. But in thousands of public comments, health systems and providers have pushed back aggressively against the suggested changes to the security rule. Increased privacy protections, in their view, would impact the financial viability of medical practices — especially small ones — and even timely patient care.
