Description
This 90-minute session examines where the HIPAA Security Rule stands in 2026 and what practice managers, compliance officers, and business associates need to do to stay audit-ready. With HIPAA HITECH now fully enforced under bipartisan support and new congressional mandates and NPRMs reshaping Security Rule expectations, the cost of inaction has gone up sharply.
The webinar walks through proposed and finalized changes to the HIPAA Security Rule for 2026 and beyond, with attention to the risk factors that most commonly drive breaches and OCR enforcement. Drawing on the speaker's 23+ years of experience as an outsourced compliance auditor and expert witness on HIPAA cases, the session covers real-life audits, litigated cases, the OCR audit process, the most common violations and fines, and practical steps for limiting exposure.
Breach notification, portable devices, telemedicine, and texting/emailing guidelines are addressed as part of the broader risk and enforcement picture. The session also covers the expanded burden on business associates, the new definition of protected health information, and patients' growing ability to seek cash remedies for wrongful disclosures of PHI. HIPAA Privacy Rule updates — including Rights of Access, Care Coordination, Information Sharing, Notice of Privacy Practices, and the 21st Century Cures Act — are covered alongside the Security Rule content.
After this webinar, attendees will be able to answer:
- What are the proposed and finalized changes to the HIPAA Security Rule for 2026 and how do they impact my organization?
- What risk factors most commonly trigger HIPAA breaches and OCR scrutiny?
- How does the OCR audit process actually work, and what triggers an investigation?
- Which violations are generating the largest fines, and how can they be avoided?
- What are my organization's obligations around breach notification, portable devices, telemedicine, and texting/emailing PHI?
- How has the compliance burden shifted for business associates under current enforcement?
- What updates apply to the HIPAA Privacy Rule, including Rights of Access, Care Coordination, and the 21st Century Cures Act?
- How can patients now seek cash remedies for wrongful disclosures of PHI, and how do I limit that exposure?
Areas Covered:
- NPRMs for the HIPAA Security Rule
- HIPAA Administrative Simplification updates
- Risk factors driving breaches and OCR action
- The OCR audit process — triggers, scope, and what to expect
- Most common violations and associated fines
- Real-life audits and litigated cases
- Breach notification requirements
- Portable devices, texting, and emailing — current guidelines
- Telemedicine do's and don'ts
- Business associates and the increased compliance burden
- New definition of protected health information
- Patient rights to cash remedies for wrongful disclosures
- HIPAA Privacy Rule updates: Rights of Access, Care Coordination, Information Sharing, Notice of Privacy Practices, 21st Century Cures Act
This webinar benefits the following agencies:
- Private practices
- Hospitals and health systems
- Billing companies
- Transcription companies
- Home health groups
- Health insurance companies
- Ambulatory care providers
- IT companies serving healthcare
- Law firms serving healthcare clients
Who should attend?
- Practice managers
- Compliance officers
- Privacy and security officers
- Business associates working with medical practices or hospitals (billing companies, transcription companies, IT companies, answering services, home health, coders, attorneys)
- Physicians and other medical professionals
- Healthcare IT and information security staff