HIPAA Security Rule — 2026 Modernization
constraint.hipaa-security-rule-2026
The HIPAA Security Rule underwent its first major overhaul since 2003. Final rule published early 2026; compliance deadline approximately September 2026 (180 days from effective date). Mandatory requirements: MFA for all ePHI access; encryption at rest and in transit (elevated from addressable to required); comprehensive asset inventories; documented systematic risk analyses; annual penetration testing; biannual vulnerability scanning; 72-hour critical-system RTO; annual written vendor verification of technical safeguard implementation; shortened breach-reporting windows. The addressable-vs-required safeguard distinction is eliminated. No changes to the HIPAA marketing rule or PHI marketing authorization requirements.