2026 HIPAA Security Rule Update: New Requirements Every Healthcare Organization Must Prepare For

Quick Answer: The 2026 HIPAA Security Rule update introduces significant changes including mandatory encryption of ePHI at rest and in transit (removing the “addressable” designation), required multi-factor authentication for all systems accessing ePHI, 72-hour incident reporting requirements, annual penetration testing, and enhanced business associate oversight obligations. These changes, proposed by HHS in late 2025, represent […]
HIPAA Compliance for Generative AI: What Healthcare Organizations Must Know

Quick Answer: HIPAA compliance for generative AI requires healthcare organizations to treat AI tools like ChatGPT, Gemini, or Copilot as potential business associates when they process electronic protected health information (ePHI). Key compliance requirements include: executing Business Associate Agreements with AI vendors before sharing any patient data, conducting risk assessments that specifically address AI-related vulnerabilities, […]
AI Security Risks in Healthcare: What Every Organization Needs to Know

Quick Answer: AI security risks in healthcare include unauthorized ePHI exposure through AI model training data, prompt injection attacks that extract sensitive information, AI-generated hallucinations leading to incorrect clinical decisions, supply chain vulnerabilities in AI dependencies, and insider threats amplified by AI-powered data access. Healthcare organizations must include AI systems in their HIPAA Security Risk […]
Network Vulnerability Assessments and HIPAA: Why Your SRA Isn’t Complete Without One

Quick Answer: A HIPAA network vulnerability assessment is a technical evaluation that scans your healthcare network infrastructure to identify security weaknesses that could expose electronic protected health information (ePHI). It involves scanning servers, workstations, firewalls, routers, and connected devices for known vulnerabilities, misconfigurations, and outdated software. HIPAA does not explicitly mandate vulnerability assessments, but they […]
Why Assuming You “Don’t Store Much PHI” Could Put You at Risk

“We don’t store much PHI” is a dangerous assumption. Discover why HIPAA focuses on how data moves, not just where it lives, and learn practical steps to identify your real digital footprint. Introduction: “We don’t really store much PHI.” In the […]
How to Bring AI Tools Into HIPAA Compliance With Confidence

Discover why AI tools must be included in HIPAA policies, risk analyses, and vendor management. Introduction: Artificial intelligence is showing up across the healthcare ecosystem at a remarkable pace. From clinical decision support to real-time documentation help, automated scheduling, revenue-cycle automation, and generative AI […]
Social Media, HIPAA, and the Security Risk Analysis You Can’t Skip

In healthcare, every post, photo, and “success story” shared online has the potential to do two things: build connection—or break compliance. Introduction: Social media is one of the most powerful tools available to healthcare organizations today, but it’s also one of the […]
The New Voice Scam to Watch For

AI voice scams are here—fraudsters clone voices with seconds of audio. Learn how to protect accounts, payments, and your team. Phone impersonation scams aren’t new—but they’ve become far more dangerous. Last year, we warned about fraudsters calling to trigger password resets or reroute payments. Those risks […]
Why Network Vulnerability Assessments Are a Must in Healthcare

Why Network Vulnerability Assessments Are a Must in Healthcare and What They Should Look Like in 2025. Discover why Network Vulnerability Assessments are essential—and how Medcurity’s new NVA Dashboard makes them smarter and actionable. Big news before we dive in: We’ve just launched a smarter, more actionable way to manage Network Vulnerability Assessments—and it’s […]
Beyond the Basics: Social Media and HIPAA Compliance

Go beyond the basics of HIPAA compliance with this deep dive into tricky social media scenarios and learn strategies to safely be active on social media.