What changed in the 2026 HIPAA Security Rule update?

The 2026 update introduces mandatory encryption for ePHI at rest and in transit, required vulnerability scanning and penetration testing, network segmentation requirements, 72-hour incident notification to HHS, and elimination of the distinction between required and addressable specifications.

When do the new HIPAA Security Rule requirements take effect?

The final rule was published in early 2026, with most organizations given a compliance deadline within 180 days to one year depending on the specific requirement and organization size.

Does the 2026 HIPAA update require encryption?

Yes. The 2026 Security Rule update makes encryption of electronic protected health information (ePHI) mandatory both at rest and in transit, removing the previous addressable designation that allowed organizations to use alternative measures.

2026 HIPAA Security Rule Update: New Requirements to Prepare For

2026 HIPAA Security Rule Update: New Requirements Every Healthcare Organization Must Prepare For

Quick Answer: The 2026 HIPAA Security Rule update introduces significant changes including mandatory encryption of ePHI at rest and in transit (removing the “addressable” designation), required multi-factor authentication for all systems accessing ePHI, 72-hour incident reporting requirements, annual penetration testing, and enhanced business associate oversight obligations. These changes, proposed by HHS in late 2025, represent […]

HIPAA Security Rule Changes in 2026: What You Need to Know (and Do) Now

Quick Answer: The HIPAA Security Rule changes for 2026, proposed by HHS in December 2025, include mandatory encryption of all ePHI at rest and in transit (eliminating the “addressable” loophole), required multi-factor authentication (MFA) for ePHI access, 72-hour incident notification to HHS, annual penetration testing, vulnerability scanning every six months, and enhanced documentation requirements. These […]

HIPAA Policies and Procedures Requirements

Quick Answer: HIPAA Policies and Procedures Requirements is a critical component of HIPAA compliance for healthcare organizations. Understanding and implementing the requirements helps protect patient data, avoid costly penalties, and maintain trust with patients and partners. A thorough Security Risk Assessment is the foundation for identifying and addressing compliance gaps. HIPAA Policy and Procedure Requirements […]

New Proposed Updates to the HIPAA Security Rule

Quick Answer: New Proposed Updates to the HIPAA Security Rule is a critical component of HIPAA compliance for healthcare organizations. Understanding and implementing the requirements helps protect patient data, avoid costly penalties, and maintain trust with patients and partners. A thorough Security Risk Assessment is the foundation for identifying and addressing compliance gaps. New Proposed […]

Insider Threats: Managing the Risks Within Your Organization

Quick Answer: Insider Threats is a critical component of HIPAA compliance for healthcare organizations. Understanding and implementing the requirements helps protect patient data, avoid costly penalties, and maintain trust with patients and partners. A thorough Security Risk Assessment is the foundation for identifying and addressing compliance gaps. Insider Threats: Managing the Risks Within Your Organization […]

5 Tips to Stay HIPAA Compliant on Social Media

Quick Answer: 5 Tips to Stay HIPAA Compliant on Social Media is a critical component of HIPAA compliance for healthcare organizations. Understanding and implementing the requirements helps protect patient data, avoid costly penalties, and maintain trust with patients and partners. A thorough Security Risk Assessment is the foundation for identifying and addressing compliance gaps. 5 […]