A new GAO report says the Department of Health and Human Services needs to provide more comprehensive guidance on how healthcare organizations and their business associates can better protect patient data by implementing security controls identified in the National Institute of Standards and Technology Cybersecurity Framework. Some security experts are calling for far bolder action than simply issuing more guidance. “The HIPAA Security Rule should be replaced or rewritten,” says Mac McMillan, CEO of the security consulting firm CynergisTek. “Many of the specific controls detailed within the framework’s 98 subcategories are not addressed,” the report says.”]
Source: https://www.databreachtoday.com/whats-needed-more-hhs-guidance-or-new-hipaa-security-rule-a-9426