HIPAA Rules Just Changed: Security Is No Longer Optional

HIPAA Rules Just Changed: Security Is No Longer Optional

From HIPAA Insider by HIPAA Insider

May 20, 2026 · 13 min · Episode 115

About this episode

This episode discusses the significant updates to HIPAA security rules and their implications for healthcare compliance in 2026.

The 2026 HIPAA Rule Updates: From “Addressable” to Required HIPAA compliance is entering a new phase—and “optional” security measures are quickly disappearing. In this episode of the HIPAA Insider Show , Adam Z. and cloud security expert Gil Vidals break down the major HIPAA Security Rule updates shaping healthcare compliance in 2026. As regulators push key safeguards from “addressable” to REQUIRED , healthcare organizations of all sizes must rethink how they approach security, infrastructure, and risk management. We discuss: What HIPAA changes are already active Which requirements are still pending New mandatory encryption expectations The proposed 12-month penetration testing requirements Why MFA and stronger safeguards are becoming essential How smaller healthcare organizations can stay compliant without enterprise-level budgets This episode provides a practical look at how providers, MSPs, and health-tech teams can prepare for the next era of healthcare cybersecurity and compliance. Learn more about HIPAA Vault: https://www.hipaavault.com/ Become a guest on the HIPAA Insider Show: https://www.hipaavault.com/podcast-guest/

People in this episode

Host: Adam Z.

Guest: Gil Vidals

Topics covered

  • HIPAA compliance
  • security updates
  • healthcare cybersecurity
  • risk management
  • encryption
  • penetration testing
  • MFA

Keywords

  • HIPAA
  • security rule updates
  • mandatory encryption
  • penetration testing
  • MFA
  • healthcare compliance
  • risk management

Mentioned in this episode

Organizations: HIPAA Vault

More episodes of HIPAA Insider

Explore listener stats, chart rankings, contacts and more on the HIPAA Insider podcast page.