Important HIPAA Changes You Should Know About

Recent updates to the Health Insurance Portability and Accountability Act (HIPAA) represent the most significant shift in healthcare privacy and security requirements in over a decade. Driven by the rise in cyberthreats, increased data sharing, and legislative mandates under the Coronavirus Aid, Relief, and Economic Security Act (CARES), many of the changes came with a Feb. 16, 2026 compliance deadline.

A central development is the alignment of HIPAA with 42 CFR Part 2, which governs the confidentiality of substance use disorder (SUD) treatment records.

The 2024 Final Rule significantly changes this framework by allowing a single patient consent for uses and disclosures related to treatment, payment, and healthcare operations.

This alignment is intended to improve care coordination while reducing administrative burden. It also allows HIPAA-covered entities and business associates to redisclose SUD records in accordance with HIPAA rules, effectively integrating these records into broader clinical workflows. However, this flexibility comes with new compliance obligations, including stricter documentation guidelines, updated consent language, and enhanced enforcement authority by the Office for Civil Rights (OCR).

Another major requirement is the mandatory update to Notices of Privacy Practices (NPPs). As of Feb. 16, 2026, covered entities must explicitly address how SUD records are used and disclosed under the revised rules. Organizations that handle Part 2 data must also issue new patient-facing notices aligned with HIPAA standards.

Beyond privacy, HIPAA is undergoing a substantial transformation on the security side, particularly in response to escalating cyberattacks on healthcare systems. Proposed updates to the HIPAA Security Rule, expected to be finalized later this year, would introduce more prescriptive cybersecurity requirements. These include mandatory multi-factor authentication (MFA), encryption of electronic protected health information (ePHI), and stricter risk analysis and incident response protocols.

The Proposed Rule also emphasizes operational discipline. Covered entities would need to maintain formal data inventories and mapping of ePHI flows, conduct regular vulnerability testing, and implement detailed incident response and disaster recovery plans. In addition, organizations may be required to restore critical systems within defined timeframes (e.g., 72 hours) and perform annual compliance audits. These changes reflect a shift from flexible, “addressable” standards to more mandatory, auditable controls.

Another emerging requirement would involve enhanced oversight of business associates. Under the new framework, vendors handling ePHI may face faster breach notification timelines and stricter contractual obligations.

HIPAA is also evolving to address sensitive categories of health data, including behavioral health and, more recently, reproductive health information. While some proposed rules in this area remain subject to legal challenges, the broader trend is clear: regulators are placing greater emphasis on limiting inappropriate disclosures and requiring attestations for certain data requests.

The focus is no longer just on protecting patient privacy in isolation, but on enabling secure, coordinated care in a highly digital and interconnected healthcare system. For healthcare organizations, this means moving toward a unified compliance model that integrates privacy, security, and operational workflows, rather than treating them as separate silos.

For RACmonitor readers, the key takeaway is that HIPAA is becoming both more flexible in data sharing and more rigorous in enforcement.

Timothy Powell, CPA, CHCP

Timothy Powell is a nationally recognized expert on regulatory matters, including the False Claims Act, Zone Program Integrity Contractor (ZPIC) audits, and U.S. Department of Health and Human Services (HHS) Office of Inspector General (OIG) compliance. He is a member of the RACmonitor editorial board and a national correspondent for Monitor Mondays.
