for systems that process electronic protected health information (ePHI), including mandatory deployment of anti-malware protection, removal of extraneous software, and disabling of network ports not required by the organization's risk analysis. The proposed rule would also require encryption of ePHI at rest on endpoint devices and multi-factor authentication for all systems containing ePHI.

The