{"id":146799,"date":"2026-04-29T23:20:48","date_gmt":"2026-04-30T03:20:48","guid":{"rendered":"https:\/\/medcitynews.com\/?p=146799"},"modified":"2026-04-29T23:21:00","modified_gmt":"2026-04-30T03:21:00","slug":"hipaa-hhs-healthcare-cybersecurity-security","status":"publish","type":"post","link":"https:\/\/medcitynews.com\/2026\/04\/hipaa-hhs-healthcare-cybersecurity-security\/","title":{"rendered":"Why Some Hospitals Won\u2019t Be Able to Comply With Upcoming HIPAA Updates"},"content":{"rendered":"\n<p>Next month, the Department of Health and Human Services is slated to finalize the first major update to HIPAA in more than a decade, which will force hospitals to adopt more robust security measures.<\/p>\n\n\n\n<p>With this update, HHS is seeking to eliminate the distinction between \u201crequired\u201d and \u201caddressable\u201d implementation specifications. Currently, HIPAA has two types of security rules for protecting sensitive health information \u2014 \u201crequired\u201d rules that must be followed and \u201caddressable\u201d rules that providers can choose not to obey.<\/p>\n\n\n\n<p>By getting rid of these two categories, HHS is aiming to make all cybersecurity rules mandatory for healthcare organizations. Under <a href=\"https:\/\/medcitynews.com\/2025\/01\/hipaa-cybersecurity-data-healthcare\/\">the department\u2019s proposal<\/a>, several cybersecurity protocols will be required for all providers, such as two-factor authentication, data encryption and network segmentation.<\/p>\n\n\n\n<p>Kumar Sokka, CEO of cybersecurity platform <a href=\"https:\/\/www.acresecurity.com\/\">Acre Security<\/a>, thinks the biggest impact of the HIPAA update is that physical security safeguards will no longer be optional or flexible.<\/p>\n\n\n\n<p>Providers won\u2019t be able to just document policies anymore \u2014 they will have to demonstrate actual implementation for tools focusing on access control, intrusion detection and visitor management, he explained.<\/p>\n\n\n\n<p>He isn\u2019t confident in hospitals\u2019 ability to comply with the new requirements. Sokka said that most providers still rely on fragmented, siloed security tools and lack the connected infrastructure needed to meet the updated rule\u2019s more rigorous, integrated standards.<\/p>\n\n\n\n<p>\u201cThere are different ways to meet the needs based on the different budgets that these hospitals have. And I think unification is a big one, and also moving to the cloud and modernizing technology,\u201d he remarked.<\/p>\n\n\n\n<p>Sokka noted that a hospital\u2019s physical security and cybersecurity are deeply intertwined.<\/p>\n\n\n\n<p>Weak physical security, like unsecured server rooms, can directly enable cyberattacks, he added. For instance, someone physically accessing a server and plugging in a USB device can bypass even strong cyber defenses.<\/p>\n\n\n\n<p>\u201cThere&#8217;s always the chance of people walking through,\u201d Sokka stated. \u201cThat&#8217;s why a visitor management tool is a big deal, because you want to make sure you&#8217;re running background checks, you&#8217;re doing compliance checks to ensure that the right people are entering the hospital. There&#8217;s a lot of weak points \u2014 things are just in flux, with guests coming in to visit and the accessibility of coming to a hospital.\u201d<\/p>\n\n\n\n<p>Under the updated HIPAA rule, these types of physical vulnerabilities will no longer be treated as secondary concerns \u2014 but as core security requirements that providers must actively address.<\/p>\n\n\n\n<p>However, this shift is likely to expose how many providers are still unprepared to deploy a more stringent security framework, Sokka said.<\/p>\n\n\n\n<p><em>Photo: MoMo Productions, Getty Images<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The first major update to HIPAA in more than a decade will eliminate the distinction between \u201crequired\u201d and \u201caddressable\u201d safeguards, making key cybersecurity and physical security measures mandatory for all healthcare providers. This shift will expose gaps in hospitals\u2019 fragmented security systems, though, according to Kumar Sokka, CEO of cybersecurity platform Acre Security.<\/p>\n","protected":false},"author":31620,"featured_media":146800,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"om_disable_all_campaigns":false,"featured_image_focal_point":[],"homepage_placement":"top","homepage_placements":{"top":true,"featured":true,"sidebar":false},"homepage_alternative_layout":false,"featured_categories":[48,57,117,51659],"hide_from_feed":false,"footnotes":""},"categories":[117,48,57,51659],"tags":[53597,36643,13782,8706,34188],"class_list":["post-146799","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-health-tech","category-hospitals-channel","category-politics-channel","category-providers","tag-acre-security","tag-compliance","tag-cybersecurity","tag-hipaa","tag-security"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.9 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Why Some Hospitals Won\u2019t Be Able to Comply With Upcoming HIPAA Updates - MedCity News<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/medcitynews.com\/2026\/04\/hipaa-hhs-healthcare-cybersecurity-security\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Why Some Hospitals Won\u2019t Be Able to Comply With Upcoming HIPAA Updates - MedCity News\" \/>\n<meta property=\"og:description\" content=\"The first major update to HIPAA in more than a decade will eliminate the distinction between \u201crequired\u201d and \u201caddressable\u201d safeguards, making key cybersecurity and physical security measures mandatory for all healthcare providers. This shift will expose gaps in hospitals\u2019 fragmented security systems, though, according to Kumar Sokka, CEO of cybersecurity platform Acre Security.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/medcitynews.com\/2026\/04\/hipaa-hhs-healthcare-cybersecurity-security\/\" \/>\n<meta property=\"og:site_name\" content=\"MedCity News\" \/>\n<meta property=\"article:published_time\" content=\"2026-04-30T03:20:48+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-04-30T03:21:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/medcitynews.com\/wp-content\/uploads\/sites\/7\/2026\/04\/doctor.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"724\" \/>\n\t<meta property=\"og:image:height\" content=\"483\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Katie Adams\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Katie Adams\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/medcitynews.com\/2026\/04\/hipaa-hhs-healthcare-cybersecurity-security\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/medcitynews.com\/2026\/04\/hipaa-hhs-healthcare-cybersecurity-security\/\"},\"author\":{\"name\":\"Katie Adams\",\"@id\":\"https:\/\/medcitynews.com\/#\/schema\/person\/91c47b5afe1058bd74c8125a1b9248ec\"},\"headline\":\"Why Some Hospitals Won\u2019t Be Able to Comply With Upcoming HIPAA Updates\",\"datePublished\":\"2026-04-30T03:20:48+00:00\",\"dateModified\":\"2026-04-30T03:21:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/medcitynews.com\/2026\/04\/hipaa-hhs-healthcare-cybersecurity-security\/\"},\"wordCount\":443,\"commentCount\":0,\"image\":{\"@id\":\"https:\/\/medcitynews.com\/2026\/04\/hipaa-hhs-healthcare-cybersecurity-security\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/medcitynews.com\/wp-content\/uploads\/sites\/7\/2026\/04\/doctor.jpg\",\"keywords\":[\"Acre Security\",\"compliance\",\"cybersecurity\",\"HIPAA\",\"security\"],\"articleSection\":[\"Health Tech\",\"Hospitals\",\"Policy\",\"Providers\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/medcitynews.com\/2026\/04\/hipaa-hhs-healthcare-cybersecurity-security\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/medcitynews.com\/2026\/04\/hipaa-hhs-healthcare-cybersecurity-security\/\",\"url\":\"https:\/\/medcitynews.com\/2026\/04\/hipaa-hhs-healthcare-cybersecurity-security\/\",\"name\":\"Why Some Hospitals Won\u2019t Be Able to Comply With Upcoming HIPAA Updates - MedCity News\",\"isPartOf\":{\"@id\":\"https:\/\/medcitynews.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/medcitynews.com\/2026\/04\/hipaa-hhs-healthcare-cybersecurity-security\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/medcitynews.com\/2026\/04\/hipaa-hhs-healthcare-cybersecurity-security\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/medcitynews.com\/wp-content\/uploads\/sites\/7\/2026\/04\/doctor.jpg\",\"datePublished\":\"2026-04-30T03:20:48+00:00\",\"dateModified\":\"2026-04-30T03:21:00+00:00\",\"author\":{\"@id\":\"https:\/\/medcitynews.com\/#\/schema\/person\/91c47b5afe1058bd74c8125a1b9248ec\"},\"breadcrumb\":{\"@id\":\"https:\/\/medcitynews.com\/2026\/04\/hipaa-hhs-healthcare-cybersecurity-security\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/medcitynews.com\/2026\/04\/hipaa-hhs-healthcare-cybersecurity-security\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/medcitynews.com\/2026\/04\/hipaa-hhs-healthcare-cybersecurity-security\/#primaryimage\",\"url\":\"https:\/\/medcitynews.com\/wp-content\/uploads\/sites\/7\/2026\/04\/doctor.jpg\",\"contentUrl\":\"https:\/\/medcitynews.com\/wp-content\/uploads\/sites\/7\/2026\/04\/doctor.jpg\",\"width\":724,\"height\":483,\"caption\":\"Male doctor working on laptop in exam room\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/medcitynews.com\/2026\/04\/hipaa-hhs-healthcare-cybersecurity-security\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/medcitynews.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Why Some Hospitals Won\u2019t Be Able to Comply With Upcoming HIPAA Updates\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/medcitynews.com\/#website\",\"url\":\"https:\/\/medcitynews.com\/\",\"name\":\"MedCity News\",\"description\":\"Healthcare technology news, life science current events\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/medcitynews.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/medcitynews.com\/#\/schema\/person\/91c47b5afe1058bd74c8125a1b9248ec\",\"name\":\"Katie Adams\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/medcitynews.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/medcitynews.com\/wp-content\/uploads\/sites\/7\/2023\/05\/cropped-MedCityFinals-45-4-scaled-1-96x96.jpg\",\"contentUrl\":\"https:\/\/medcitynews.com\/wp-content\/uploads\/sites\/7\/2023\/05\/cropped-MedCityFinals-45-4-scaled-1-96x96.jpg\",\"caption\":\"Katie Adams\"},\"description\":\"Katie Adams is a senior reporter for MedCity News covering providers and healthcare technology. Previously, she worked as a healthcare technology editor at Becker\u2019s Hospital Review. Her journalism degree is from DePaul University in Chicago, where she is still based. LinkedIn: https:\/\/www.linkedin.com\/in\/katie-adams-450775141\/\",\"sameAs\":[\"https:\/\/www.linkedin.com\/in\/katie-adams-450775141\/\"],\"url\":\"https:\/\/medcitynews.com\/author\/kadams\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Why Some Hospitals Won\u2019t Be Able to Comply With Upcoming HIPAA Updates - MedCity News","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/medcitynews.com\/2026\/04\/hipaa-hhs-healthcare-cybersecurity-security\/","og_locale":"en_US","og_type":"article","og_title":"Why Some Hospitals Won\u2019t Be Able to Comply With Upcoming HIPAA Updates - MedCity News","og_description":"The first major update to HIPAA in more than a decade will eliminate the distinction between \u201crequired\u201d and \u201caddressable\u201d safeguards, making key cybersecurity and physical security measures mandatory for all healthcare providers. This shift will expose gaps in hospitals\u2019 fragmented security systems, though, according to Kumar Sokka, CEO of cybersecurity platform Acre Security.","og_url":"https:\/\/medcitynews.com\/2026\/04\/hipaa-hhs-healthcare-cybersecurity-security\/","og_site_name":"MedCity News","article_published_time":"2026-04-30T03:20:48+00:00","article_modified_time":"2026-04-30T03:21:00+00:00","og_image":[{"width":724,"height":483,"url":"https:\/\/medcitynews.com\/wp-content\/uploads\/sites\/7\/2026\/04\/doctor.jpg","type":"image\/jpeg"}],"author":"Katie Adams","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Katie Adams","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/medcitynews.com\/2026\/04\/hipaa-hhs-healthcare-cybersecurity-security\/#article","isPartOf":{"@id":"https:\/\/medcitynews.com\/2026\/04\/hipaa-hhs-healthcare-cybersecurity-security\/"},"author":{"name":"Katie Adams","@id":"https:\/\/medcitynews.com\/#\/schema\/person\/91c47b5afe1058bd74c8125a1b9248ec"},"headline":"Why Some Hospitals Won\u2019t Be Able to Comply With Upcoming HIPAA Updates","datePublished":"2026-04-30T03:20:48+00:00","dateModified":"2026-04-30T03:21:00+00:00","mainEntityOfPage":{"@id":"https:\/\/medcitynews.com\/2026\/04\/hipaa-hhs-healthcare-cybersecurity-security\/"},"wordCount":443,"commentCount":0,"image":{"@id":"https:\/\/medcitynews.com\/2026\/04\/hipaa-hhs-healthcare-cybersecurity-security\/#primaryimage"},"thumbnailUrl":"https:\/\/medcitynews.com\/wp-content\/uploads\/sites\/7\/2026\/04\/doctor.jpg","keywords":["Acre Security","compliance","cybersecurity","HIPAA","security"],"articleSection":["Health Tech","Hospitals","Policy","Providers"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/medcitynews.com\/2026\/04\/hipaa-hhs-healthcare-cybersecurity-security\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/medcitynews.com\/2026\/04\/hipaa-hhs-healthcare-cybersecurity-security\/","url":"https:\/\/medcitynews.com\/2026\/04\/hipaa-hhs-healthcare-cybersecurity-security\/","name":"Why Some Hospitals Won\u2019t Be Able to Comply With Upcoming HIPAA Updates - MedCity News","isPartOf":{"@id":"https:\/\/medcitynews.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/medcitynews.com\/2026\/04\/hipaa-hhs-healthcare-cybersecurity-security\/#primaryimage"},"image":{"@id":"https:\/\/medcitynews.com\/2026\/04\/hipaa-hhs-healthcare-cybersecurity-security\/#primaryimage"},"thumbnailUrl":"https:\/\/medcitynews.com\/wp-content\/uploads\/sites\/7\/2026\/04\/doctor.jpg","datePublished":"2026-04-30T03:20:48+00:00","dateModified":"2026-04-30T03:21:00+00:00","author":{"@id":"https:\/\/medcitynews.com\/#\/schema\/person\/91c47b5afe1058bd74c8125a1b9248ec"},"breadcrumb":{"@id":"https:\/\/medcitynews.com\/2026\/04\/hipaa-hhs-healthcare-cybersecurity-security\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/medcitynews.com\/2026\/04\/hipaa-hhs-healthcare-cybersecurity-security\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/medcitynews.com\/2026\/04\/hipaa-hhs-healthcare-cybersecurity-security\/#primaryimage","url":"https:\/\/medcitynews.com\/wp-content\/uploads\/sites\/7\/2026\/04\/doctor.jpg","contentUrl":"https:\/\/medcitynews.com\/wp-content\/uploads\/sites\/7\/2026\/04\/doctor.jpg","width":724,"height":483,"caption":"Male doctor working on laptop in exam room"},{"@type":"BreadcrumbList","@id":"https:\/\/medcitynews.com\/2026\/04\/hipaa-hhs-healthcare-cybersecurity-security\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/medcitynews.com\/"},{"@type":"ListItem","position":2,"name":"Why Some Hospitals Won\u2019t Be Able to Comply With Upcoming HIPAA Updates"}]},{"@type":"WebSite","@id":"https:\/\/medcitynews.com\/#website","url":"https:\/\/medcitynews.com\/","name":"MedCity News","description":"Healthcare technology news, life science current events","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/medcitynews.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/medcitynews.com\/#\/schema\/person\/91c47b5afe1058bd74c8125a1b9248ec","name":"Katie Adams","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/medcitynews.com\/#\/schema\/person\/image\/","url":"https:\/\/medcitynews.com\/wp-content\/uploads\/sites\/7\/2023\/05\/cropped-MedCityFinals-45-4-scaled-1-96x96.jpg","contentUrl":"https:\/\/medcitynews.com\/wp-content\/uploads\/sites\/7\/2023\/05\/cropped-MedCityFinals-45-4-scaled-1-96x96.jpg","caption":"Katie Adams"},"description":"Katie Adams is a senior reporter for MedCity News covering providers and healthcare technology. Previously, she worked as a healthcare technology editor at Becker\u2019s Hospital Review. Her journalism degree is from DePaul University in Chicago, where she is still based. LinkedIn: https:\/\/www.linkedin.com\/in\/katie-adams-450775141\/","sameAs":["https:\/\/www.linkedin.com\/in\/katie-adams-450775141\/"],"url":"https:\/\/medcitynews.com\/author\/kadams\/"}]}},"_links":{"self":[{"href":"https:\/\/medcitynews.com\/wp-json\/wp\/v2\/posts\/146799","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/medcitynews.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/medcitynews.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/medcitynews.com\/wp-json\/wp\/v2\/users\/31620"}],"replies":[{"embeddable":true,"href":"https:\/\/medcitynews.com\/wp-json\/wp\/v2\/comments?post=146799"}],"version-history":[{"count":2,"href":"https:\/\/medcitynews.com\/wp-json\/wp\/v2\/posts\/146799\/revisions"}],"predecessor-version":[{"id":146804,"href":"https:\/\/medcitynews.com\/wp-json\/wp\/v2\/posts\/146799\/revisions\/146804"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/medcitynews.com\/wp-json\/wp\/v2\/media\/146800"}],"wp:attachment":[{"href":"https:\/\/medcitynews.com\/wp-json\/wp\/v2\/media?parent=146799"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/medcitynews.com\/wp-json\/wp\/v2\/categories?post=146799"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/medcitynews.com\/wp-json\/wp\/v2\/tags?post=146799"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}