A final rule is expected later this spring, and many of its proposed changes would be time‑consuming and costly for covered entities and business associates to manage. But implementing some of these ...

The 2026 Security Rule eliminates 'addressable' safeguards, making encryption of ePHI at rest and in transit, multi-factor authentication for all logins, and network segmentation mandatory.

Heightened enforcement priorities, new technical safeguard requirements, and repeated compliance failures are prompting organizations to strengthen HIPAA training in 2026. Proposed Security Rule ...

New four-pillar compliance structure gives independent practices a clear path through the latest Security Rule overhaul ...

Faulty or non-existent security risk analyses cost a medical imaging provider, a women's healthcare group, a health plan and ...

The HHS’ Office for Civil Rights’ audit program was too narrow in scope to effectively assess data protections and reduce cyber risks in the healthcare sector, according to the report. The report, ...

New bill, proposed by Bill Cassidy (R-LA), Chair of the Senate Health, Education, Labor and Pensions Committee (HELP), purports to apply the privacy and security practices under the HITECH Act, to ...

The HIPAA Security Rule may soon undergo its first major overhaul in over two decades. Although finalization could come as early as May 2026, timelines remain uncertain. Regardless, the proposed ...

A recently passed law in the state of Washington puts new safeguards on consumer health data, giving residents some of the broadest protections in the country when it comes to how outside groups can ...