2026 HIPAA Security Rule Update: New Requirements Every Healthcare Organization Must Prepare For

Quick Answer: The 2026 HIPAA Security Rule update introduces significant changes including mandatory encryption of ePHI at rest and in transit (removing the “addressable” designation), required multi-factor authentication for all systems accessing ePHI, 72-hour incident reporting requirements, annual penetration testing, and enhanced business associate oversight obligations. These changes, proposed by HHS in late 2025, represent […]

HIPAA Security Rule Changes in 2026: What You Need to Know (and Do) Now

Quick Answer: The HIPAA Security Rule changes for 2026, proposed by HHS in December 2025, include mandatory encryption of all ePHI at rest and in transit (eliminating the “addressable” loophole), required multi-factor authentication (MFA) for ePHI access, 72-hour incident notification to HHS, annual penetration testing, vulnerability scanning every six months, and enhanced documentation requirements. These […]