#104 - Navigating BAA Changes Under the 2026 HIPAA Rule episode artwork

EPISODE · Oct 16, 2025 · 47 MIN

#104 - Navigating BAA Changes Under the 2026 HIPAA Rule

from The Healthcare Compliance Step-By-Step Podcast · host EPICompliance

The 2026 HIPAA Security Rule introduces significant updates to Business Associate Agreements (BAAs), raising the bar for compliance and security. In this session, we'll break down the critical changes, including the mandatory encryption, multi-factor authentication (MFA) requirements, stricter risk analysis, and enhanced oversight of business associates. You'll learn how to revise your BAAs to meet these new requirements, implement effective controls, and reduce your organization's exposure to compliance risks.Key Topics:Identify which BAA clauses must be updated first, encryption/MFA, incident reporting timelines, subcontractor "flow-down" obligations, and termination-for-cause language.Translate the new risk analysis and ongoing monitoring expectations into practical BA oversight, evidence logs, attestations, and remediation tracking that satisfy auditors.Implement a step-by-step playbook to renegotiate, execute, and operationalize revised BAAs without disrupting patient care, revenue cycle operations, or vendor relationships.Resources:Learn more about healthcare compliance systems: ⁠⁠⁠⁠⁠⁠⁠epicompliance.com⁠⁠⁠⁠⁠⁠⁠Explore healthcare compliance training and weekly webinars: ⁠⁠⁠⁠⁠⁠⁠epicompliance.com/training-in...⁠⁠⁠⁠⁠⁠⁠Originally Recorded: October 14, 2025.

The 2026 HIPAA Security Rule introduces significant updates to Business Associate Agreements (BAAs), raising the bar for compliance and security. In this session, we'll break down the critical changes, including the mandatory encryption, multi-factor authentication (MFA) requirements, stricter risk analysis, and enhanced oversight of business associates. You'll learn how to revise your BAAs to meet these new requirements, implement effective controls, and reduce your organization's exposure to compliance risks.Key Topics:Identify which BAA clauses must be updated first, encryption/MFA, incident reporting timelines, subcontractor "flow-down" obligations, and termination-for-cause language.Translate the new risk analysis and ongoing monitoring expectations into practical BA oversight, evidence logs, attestations, and remediation tracking that satisfy auditors.Implement a step-by-step playbook to renegotiate, execute, and operationalize revised BAAs without disrupting patient care, revenue cycle operations, or vendor relationships.Resources:Learn more about healthcare compliance systems: ⁠⁠⁠⁠⁠⁠⁠epicompliance.com⁠⁠⁠⁠⁠⁠⁠Explore healthcare compliance training and weekly webinars: ⁠⁠⁠⁠⁠⁠⁠epicompliance.com/training-in...⁠⁠⁠⁠⁠⁠⁠Originally Recorded: October 14, 2025.

NOW PLAYING

#104 - Navigating BAA Changes Under the 2026 HIPAA Rule

0:00 47:24

No transcript for this episode yet

We transcribe on demand. Request one and we'll notify you when it's ready — usually under 10 minutes.

Frequently Asked Questions

How long is this episode of The Healthcare Compliance Step-By-Step Podcast?

This episode is 47 minutes long.

When was this The Healthcare Compliance Step-By-Step Podcast episode published?

This episode was published on October 16, 2025.

What is this episode about?

The 2026 HIPAA Security Rule introduces significant updates to Business Associate Agreements (BAAs), raising the bar for compliance and security. In this session, we'll break down the critical changes, including the mandatory encryption,...

Can I download this The Healthcare Compliance Step-By-Step Podcast episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.
URL copied to clipboard!