Are you ready for modifications to HIPAA? We can help.
Welcome to the most active regulatory environment we have ever seen! As the Office for Civil Rights (OCR) works to rapidly update HIPAA and other privacy and security regulations, as well as increase enforcement, it has become more important than ever to keep up with changing regulations! At HIPAAtrek, our compliance experts track these changes, so you don’t have to.
HIPAA changes are inevitable as the world—and especially the storage and sharing of Protected Health Information (PHI)—changes. Privacy and security regulations may be updated for a number of reasons, including keeping up with changing technology, strengthening enforcement standards, and clarifying specific civil rights.
The adoption of telehealth, the use of smartphones in clinical settings, and the digital transmission of ePHI all impact regulations. As technology changes, and with healthcare the number one industry targeted by cyberattacks, regulations must adapt to protect patient data from new and growing threats.
Additionally, the OCR works to clarify and expand patient rights and PHI protections on an ongoing basis. The Proposed Modifications to the HIPAA Privacy Rule, for instance, are designed to strengthen individuals’ rights to access their own health information. Similarly, the Information Blocking regulation was created under the 21st Century Cures Act to protect the flow of information between patients and providers.
HIPAA changes may also be created in response to the political environment in some states or across the United States. The Reproductive Health NPRM of 2023, which would impact the HIPAA Privacy Rule, is one such example.
Finally, individual states or the OCR may change or create new regulations to clarify or strengthen enforcement standards, giving additional authority to healthcare privacy and security regulations.
Implements the Electronic Health Record Reporting Program, requirements for IT Certification under the ONC, and enhancements for information sharing.
Effective March 11, 2024.
Strengthens privacy protections for reproductive health information, ensuring it cannot be used to investigate or penalize those seeking, obtaining, or providing reproductive health care.
Compliance Date December 23, 2024.
With an expanded definition of a lawful holder, the regulations previously impacting only substance use providers will now encompass most healthcare organizations.
Published in the Federal Register Feb 16, 2024, effective Feb 16, 2026.
A new provision of the Cures Act outlining disincentives for providers committing Information Blocking, effectively beginning the enforcement of Information Blocking.
Effective July 31, 2024.
The largest change to HIPAA we have ever seen: over 30% of HIPAA will change under this NPRM, impacting BAAs, Policies, and NPPs. Final action anticipated in November 2025.
Aims to enhance national cybersecurity by mandating reporting of specific cyber incidents and ransom payments from HIPAA covered entities.
NPRM published April 4, 2024.
Advances interoperability through standards adoption; public health IT certification; expanded uses of certified APIs; and information sharing under the Information Blocking regulations.
NPRM Published July 17, 2024.
Will propose modifications to improve cybersecurity in healthcare, with strengthened requirements for safeguarding ePHI under HIPAA. NPRM to be published in December 2024.
The first-ever change to the HIPAA Security Rule proposes civil monetary penalties and monetary settlements to those harmed by an offense under HIPAA. Also proposes consideration of security practices of CEs and BAs when making enforcement determinations.
Anticipated publication date in May 2026.
Outlines anti-discrimination provisions as a part of the Confidentiality of Substance Use Disorder Patient Records Rulemaking. NPRM to be published in November 2025.
13 states thus far have enacted comprehensive consumer privacy laws impacting healthcare organizations (with one more coming soon).
HIPAAtrek was built by HIPAA compliance experts who have been in your shoes, so we know how challenging sweeping changes to HIPAA can be.
That’s why we work diligently to support our clients through changing regulations with:
There’s never been a better time to join HIPAAtrek. Register for a demo now and a member of our team will reach out with more information:
HIPAAtrek includes a personalized roadmap to upcoming regulatory changes as a part of our Privacy Gap Assessment and Security Risk Analysis. Learn more.
Know where your privacy program stands, so you can build on a strong foundation once the changes are finalized.
Understand the specifics of these changes, and begin preparations by identifying policies and BAAs that will require updates.
Create buy-in among the C-suite, sharing your action plan and budget proactively.
We made you a free cheat sheet to guide your compliance as regulations change.
The best way to ensure your organization’s compliance in this quickly changing regulatory environment is to begin with an understanding of your current HIPAA compliance. Our Security Risk Analyses and Privacy Gap Assessments specifically include a personalized roadmap to changing regulations, so you can build from a strong foundation, even as regulations change.
In consultation with your team, our in-house compliance experts will: