The rapidly evolving regulatory environment for health information privacy and security, driven by heightened federal scrutiny, major rulemaking initiatives, and the intensification of cyber threats targeting the healthcare sector – this has all lead to anticipated changes for 2026. Against these anticipated changes, the direction of the new Presidential administration and its pro-business and anti-regulatory perspective may prevail.
This signals that covered entities and business associates should expect more prescriptive requirements, more expansive enforcement, and significantly higher expectations for technical rigor.
The U.S. Department of Health and Human Services (HHS) and the Office for Civil Rights (OCR) have indicated that their long-planned Security Rule modernization remains on track, with finalization expected in 2026.
Unlike the current flexible, risk-based structure adopted in 2003, the proposed rule introduces specific and mandatory technical safeguards, such as stricter encryption requirements, required multifactor authentication, mandated vulnerability and penetration testing, improved patch management practices, enhanced workforce training provisions, and clearer expectations around incident response and system monitoring.
The message is unambiguous: the era of broad discretion in HIPAA security implementation is ending, and organizations will need concrete, demonstrable controls rather than high-level policies.
Enforcement activity is also expanding, most notably through OCR’s newly delegated authority to enforce the confidentiality protections governing substance use disorder (SUD) treatment records under 42 C.F.R. Part 2.
This shift brings Part 2, long considered one of the most stringent privacy frameworks in the U.S., squarely into OCR’s enforcement portfolio. Entities that operate SUD treatment programs or hold Part 2 records now face potential civil monetary penalties, compliance reviews, and corrective action plans similar to those used in HIPAA enforcement.
While HHS declined to fully align Part 2 with HIPAA’s security requirements, organizations that are subject to both regimes must nevertheless apply robust technical safeguards to ensure that highly sensitive SUD information is adequately protected against cyber risk.
The third major theme is escalating enforcement pressure stemming from the healthcare sector’s ongoing vulnerability to ransomware and other cyberattacks. OCR has launched initiatives specifically targeting inadequate or superficial security risk analyses (SRAs), a requirement that remains the backbone of HIPAA’s risk-based approach even ahead of the new rule.
Regulators are signaling that cursory, checklist-style assessments are no longer acceptable. At the same time, OCR continues aggressive enforcement of the patient right-of-access standard and is increasing expectations around compliance with reproductive health information protections and interoperability rules that took effect in late 2024.
Taken together, these developments reflect a broader regulatory posture: more prescriptive standards, more consistent enforcement, and an emphasis on measurable, accountable security practices. Healthcare organizations must prepare for a compliance environment characterized by short implementation timelines, heightened documentation expectations, and increasing penalties for failure to modernize.
Learn about the upcoming HIPAA privacy and security changes that may affect your practice that are anticipated in 2026.
Healthcare practitioners and practices operating in 2026 and going forward
Date: 03/13/2026
Time: 12:00 pm - 1:00 pm (EST)
Reg. deadline: 03/12/2026
Venue: Live Webinar
Pivot Tables are one of Excel’s most powerful and misunderstood tools but once you know how to use them, they can transform how you analyse and report on data. In just a few clicks, you can summarise thousands of rows into meaningful, dynamic reports - no formulas required. This session will show you how to quickly create and customise Pivot Tables to reveal trends, answer questions, and support better decision-making. You’ll also discover how to turn your Pivot Table into a visual dashboard using built-in charting tools, slicers, and layout options. If you've ever looked at a Pivot Table and thought, “I should really learn that”, this is your moment. Why you should attend Manually building summaries and reports from Excel data is time-consuming and error-prone. Pivot Tables eliminate the guesswork, automate the process, and give you instant insights. This session is perfect if you want to save time, reduce complexity, and finally get confident with one of Excel’s most powerful (but underused) features. Topics covered How to structure your source data for best results Creating Pivot Tables in just a few clicks Summarising data with totals, counts, and percentages Formatting your Pivot Table for clarity and impact Sorting and filtering with built-in tools and slicers Visualising data using Pivot Charts Understanding and using (or avoiding) GETPIVOTDATA Who should attend This session is for anyone who wants to level up their Excel skills and gain confidence with Pivot Tables. It’s ideal for professionals in admin, finance, HR, operations, or anyone who builds regular reports. You should be comfortable with basic Excel tasks like entering data, using copy/paste, and applying simple formatting. The training is delivered using Excel for Windows (Microsoft 365), but most techniques also apply to earlier versions and Excel for Mac.
Whether your employer is a clinic, a hospital, home health, or long term care; whether you are an MD, RN, an occupational therapist, a receptionist, or in the C-Suite, approximately 5% - 10% of your patients may be gay, lesbian, or bisexual. Additional patients may be transgender, intersex, or questioning their gender identity or sexual orientation. The healthcare needs of GLBT patients may appear to be the same as other patients’, but institutionalized heterosexism in healthcare is a real barrier to quality care. Healthcare providers acknowledge they are serving more GLBT patients, and that they want to provide quality GLBT care, but aren’t sure how to best create and implement the policies, procedures, and practices to ensure best patient outcomes. GLBT patients face a multitude of barriers to equitable care such as: refusals of care, delayed or substandard care, mistreatment, inequitable policies and practices, end-of-life issues, and limits on visitation. The challenges begin from the beginning of the health professionals’ relationship with their GLBT patient—starting from asking them to identify if they are male or female, married or single, on their intake form. Objectives To list relevant laws, regulations and standards required for health equity and patient-centered care of GLBT patients To identify key policy, procedure and practice issues related to GLBT patients and their families to incorporate into already existing policies, procedures and practices To discuss opportunities to collect GLBT – relevant data and information during the healthcare encounter To identify or revise strategic community outreach efforts to the GLBT population To name a variety of resources Who should Attend? HR Management Nurses Other Health Professionals
Everyone makes decisions, but of course some decisions are more important and complex than others. Whether it is a decision about what to wear to work to deciding on a merger, the decision making process is generally the same. Most decision making by management is convoluted with much fuzziness and backtracking. Research suggests that managers put little thought into the decision making process such as—analysis of the risk, what values are poignant, the alternatives evaluated, quantitative and qualitative data, identifying the stakeholders, bias, and the impact of the decision on the system, to name a few. Decision making is the basic foundation of the process of management. Yet most management training and development tactics ignore this essential skill. Learning Objectives To examine the “act of choice” To analyze roadblocks to effective decision making To discuss 10 decision making/problem solving tools To list the various models of decision making Analyze how managers make decisions Who should Attend? HR Management Any Employee
It is our nature to think—we all do it, obviously. However, a good share of our thinking is biased, distorted, or incomplete. Critical thinking is an essential skill for both managers and employees. Few of us are effective critical thinkers though research suggests that leaders believe they think quite well. Critical thinking ensures we pose the right questions, view others’ viewpoints with merit, and challenge assumptions in strategic thinking, decision making and problem solving. Non-critical thinkers shoot down ideas before they are understood, or take action based on faulty assumptions resulting in a business disaster. Teams, as well as individuals, must learn to think critically which requires a work atmosphere that is conducive to challenging others’ perspectives. Critical thinking enables teams to develop positive insights and ideas that lead to effective action. It focuses on reframing and rethinking issues so that the right problems are addressed, and requires challenging conventional wisdom. Using the process of critical thinking leads to reasoned conclusions, better decisions, fewer mistakes, and improves collaboration among team members. Learning Objectives Define critical thinking List characteristics of critical thinkers Examine the critical thinking process Explore the elements of reasoning Discuss critical thinking techniques Identify organizational, team, and individual critical thinking barriers Who should Attend? HR Management Any Employee