The Healthcare Compliance Step-By-Step Podcast

#104 - Navigating BAA Changes Under the 2026 HIPAA Rule


Listen Later

The 2026 HIPAA Security Rule introduces significant updates to Business Associate Agreements (BAAs), raising the bar for compliance and security. In this session, we'll break down the critical changes, including mandatory encryption, multi-factor authentication (MFA) requirements, stricter risk analysis, and enhanced oversight of business associates. You'll learn how to revise your BAAs to meet these new requirements, implement effective controls, and reduce your organization's exposure to compliance risk.

Key Topics:

  • Identify which BAA clauses must be updated first: encryption/MFA, incident reporting timelines, subcontractor "flow-down" obligations, and termination-for-cause language.
  • Translate the new risk analysis and ongoing monitoring expectations into practical BA oversight, evidence logs, attestations, and remediation tracking that satisfy auditors.
  • Implement a step-by-step playbook to renegotiate, execute, and operationalize revised BAAs without disrupting patient care, revenue cycle operations, or vendor relationships.

Resources:

  • Learn more about healthcare compliance systems: epicompliance.com
  • Explore healthcare compliance training and weekly webinars: epicompliance.com/training-in...

Originally Recorded: October 14, 2025.


The Healthcare Compliance Step-By-Step Podcast, by EPICompliance