Encryption becomes mandatory: AES‑256 encryption will be required for all ePHI at rest, with TLS 1.3 or higher for data in transit, removing previous flexibility. Beyond technical controls: ...

Key Takeaways: HIPAA updates expected in 2026 will strengthen requirements to protect electronic protected health information (ePHI) and remove ambiguity regarding security safeguards. Enforcement ...

As of 2026, the Public Health Emergency enforcement discretion is officially over, and the OCR is treating telehealth with the same rigor as in-person PHI workflows. Pediatric practices, already ...

An unmitigated revamp of healthcare cybersecurity is coming in 2025, and experts warn that the compliance burden for organizations will be steep. Since 2005, healthcare organizations have been subject ...

Editor’s Note: As workplaces reopen, many employers are grappling with whether to require employees to be vaccinated or to impose mask mandates. Some have faced resistance in the form of false claims ...

The U.S. District Court for the Northern District of Texas on June 18, 2025, issued an order vacating the HIPAA Privacy Rule to Support Reproductive Health Care ...

Earlier this year, federal agencies teamed up to issue two rules that will require healthcare providers to update certain policies related to the use and disclosure ...

As the permanent HIPAA auditing program gets under way this year, the U.S. Department of Health & Human Services issued a proposed rule that would require a controlling health plan (CHP) to submit ...

Ever since the updated HIPAA rule took effect last March, some hospital IT departments see themselves as “the HIPAA police,” clamping down in ways that the rule doesn't require, says one industry ...

AMARILLO, Texas — A federal court in Texas issued a preliminary injunction that partially halts the Department of Health and Human Services from enforcing a new HIPAA rule that restricts the ...