Changing HIPAA Regulations Hub

Welcome to the most active regulatory environment we have ever seen! As the Office for Civil Rights (OCR) works to rapidly update HIPAA and other privacy and security regulations, as well as increase enforcement, it has become more important than ever to keep up with changing regulations! At HIPAAtrek, our compliance experts track these changes, so you don’t have to.

Why Does HIPAA Change?

HIPAA changes are inevitable as the world—and especially the storage and sharing of Protected Health Information (PHI)—changes. Privacy and security regulations may be updated for a number of reasons, including keeping up with changing technology, strengthening enforcement standards, and clarifying specific civil rights.

The adoption of telehealth, the use of smartphones in clinical settings, and the digital transmission of ePHI all impact regulations. As technology changes, and because healthcare is the number one industry targeted by cyberattacks, regulations must adapt to protect patient data from new and growing threats.

Additionally, the OCR works to clarify and expand patient rights and PHI protections on an ongoing basis. The Proposed Modifications to the HIPAA Privacy Rule, for instance, are designed to strengthen individuals’ rights to access their own health information. Similarly, the Information Blocking regulation was created under the 21st Century Cures Act to protect the flow of information between patients and providers.

HIPAA changes may also be created in response to the political environment in some states or across the United States. The Reproductive Health NPRM of 2023, which would impact the HIPAA Privacy Rule, is one such example.

Finally, individual states or the OCR may change or create new regulations to clarify or strengthen enforcement standards, giving additional authority to healthcare privacy and security regulations.

Upcoming Regulatory Changes

Health Data, Technology, and Interoperability (HTI-1)

Implements the Electronic Health Record Reporting Program, requirements for IT Certification under the ONC, and enhancements for information sharing.

Effective March 11, 2024.

HIPAA Privacy Rule to Support Reproductive Healthcare Privacy

Strengthens privacy protections for reproductive health information, ensuring it cannot be used to investigate or penalize those seeking, obtaining, or providing reproductive health care.

Compliance Date December 23, 2024.

42 CFR Pt 2

With an expanded definition of a lawful holder, the regulations previously impacting only substance use providers will now encompass most healthcare organizations.

Published in the Federal Register Feb 16, 2024, effective Feb 16, 2026.


Disincentives for Information Blocking

A new provision of the Cures Act outlining disincentives for providers committing Information Blocking, effectively beginning the enforcement of Information Blocking.

Effective July 31, 2024.

Privacy Rule 2021 NPRM

The largest change to HIPAA we have ever seen: over 30% of HIPAA will change under this NPRM, impacting BAAs, policies, and NPPs. Final action anticipated in November 2025.


Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) Reporting Requirements

Aims to enhance national cybersecurity by mandating reporting of specific cyber incidents and ransom payments from HIPAA covered entities.

Health Data, Technology, and Interoperability (HTI-2)

Advances interoperability through standards adoption; public health IT certification; expanded uses of certified APIs; and information sharing under the Information Blocking regulations.

HIPAA Security Rule to Strengthen Cybersecurity NPRM

Will propose modifications to improve cybersecurity in healthcare, with strengthened requirements for safeguarding ePHI under HIPAA. NPRM to be published in December 2024.

Rulemaking Implementing Provisions of the HITECH Act

The first-ever change to the HIPAA Security Rule proposes civil monetary penalties and monetary settlements to those harmed by an offense under HIPAA. It also proposes consideration of the security practices of CEs and BAs when making enforcement determinations.

Anticipated publication date in May 2026.

Non-Discrimination for SUD Patient Records

Outlines anti-discrimination provisions as a part of the Confidentiality of Substance Use Disorder Patient Records Rulemaking. NPRM to be published in November 2025.

State Regulatory Changes

13 states thus far have enacted comprehensive consumer privacy laws impacting healthcare organizations (with one more coming soon).

How HIPAAtrek Helps with Regulatory Changes

HIPAAtrek was built by HIPAA compliance experts who have been in your shoes, so we know how challenging sweeping changes to HIPAA can be.

That’s why we work diligently to support our clients through changing regulations with:

  • Specific, in-depth training to educate and prepare our clients, with opportunities to ask questions of our HIPAA compliance experts;
  • Updated policy templates, BAA templates, and NPP templates (as applicable) available in HIPAAtrek within 45 days of any major regulatory change;
  • HIPAA training videos within the software, updated to reflect the current regulations and assist with implementation among your team.


Prepare Now for Regulatory Changes

HIPAAtrek includes a personalized roadmap to upcoming regulatory changes as a part of our Privacy Gap Assessment and Security Risk Analysis.

Conduct a Risk Analysis

Know where your privacy program stands, so you can build on a strong foundation once the changes are finalized. 

Create an Action Plan

Understand the specifics of these changes, and begin preparations by identifying policies and BAAs that will require updates.

Communicate with Leadership

Create buy-in among the C-suite, sharing your action plan and budget proactively.

Are you up to date with HIPAA?

We made you a free cheat sheet to guide your compliance as regulations change.


Consulting

Work with the HIPAA Compliance Experts at HIPAAtrek to Manage Regulatory Changes

The best way to ensure your organization’s compliance in this quickly changing regulatory environment is to begin with an understanding of your current HIPAA compliance. Our Security Risk Analyses and Privacy Gap Assessments specifically include a personalized roadmap to changing regulations, so you can build from a strong foundation, even as regulations change.

In consultation with your team, our in-house compliance experts will:

  • Review your existing privacy or security policies and procedures,
  • Identify gaps and mitigation strategies,
  • Compile our findings into a report for your team, and
  • Build a roadmap to support your team in navigating major regulatory changes.

Get a proactive head start in complying with the updates to HIPAA by working with the experts at HIPAAtrek.
