EPISODE · Oct 16, 2025 · 47 MIN
#104 - Navigating BAA Changes Under the 2026 HIPAA Rule
from The Healthcare Compliance Step-By-Step Podcast · host EPICompliance
The 2026 HIPAA Security Rule introduces significant updates to Business Associate Agreements (BAAs), raising the bar for compliance and security. In this session, we'll break down the critical changes, including the mandatory encryption, multi-factor authentication (MFA) requirements, stricter risk analysis, and enhanced oversight of business associates. You'll learn how to revise your BAAs to meet these new requirements, implement effective controls, and reduce your organization's exposure to compliance risks.Key Topics:Identify which BAA clauses must be updated first, encryption/MFA, incident reporting timelines, subcontractor "flow-down" obligations, and termination-for-cause language.Translate the new risk analysis and ongoing monitoring expectations into practical BA oversight, evidence logs, attestations, and remediation tracking that satisfy auditors.Implement a step-by-step playbook to renegotiate, execute, and operationalize revised BAAs without disrupting patient care, revenue cycle operations, or vendor relationships.Resources:Learn more about healthcare compliance systems: epicompliance.comExplore healthcare compliance training and weekly webinars: epicompliance.com/training-in...Originally Recorded: October 14, 2025.
What this episode covers
The 2026 HIPAA Security Rule introduces significant updates to Business Associate Agreements (BAAs), raising the bar for compliance and security. In this session, we'll break down the critical changes, including the mandatory encryption, multi-factor authentication (MFA) requirements, stricter risk analysis, and enhanced oversight of business associates. You'll learn how to revise your BAAs to meet these new requirements, implement effective controls, and reduce your organization's exposure to compliance risks.Key Topics:Identify which BAA clauses must be updated first, encryption/MFA, incident reporting timelines, subcontractor "flow-down" obligations, and termination-for-cause language.Translate the new risk analysis and ongoing monitoring expectations into practical BA oversight, evidence logs, attestations, and remediation tracking that satisfy auditors.Implement a step-by-step playbook to renegotiate, execute, and operationalize revised BAAs without disrupting patient care, revenue cycle operations, or vendor relationships.Resources:Learn more about healthcare compliance systems: epicompliance.comExplore healthcare compliance training and weekly webinars: epicompliance.com/training-in...Originally Recorded: October 14, 2025.
NOW PLAYING
#104 - Navigating BAA Changes Under the 2026 HIPAA Rule
No transcript for this episode yet
Similar Episodes
Mar 26, 2026 ·1m
Mar 19, 2026 ·34m
Feb 18, 2026 ·11m
Feb 11, 2026 ·45m