HIPAA in 2026: Navigating New Risks, Rules, and Realities

Healthcare organizations face increasing cyber threats, regulatory scrutiny, and operational pressure—yet many still struggle to translate HIPAA requirements into practical, effective controls.

In this 60-minute webinar, Dr. Gus Hanna, cybersecurity architect and healthcare compliance expert, breaks down the HIPAA Privacy Rule and Security Rule into clear, actionable guidance. Attendees will learn how HIPAA applies in modern healthcare environments, including cloud and hybrid systems, how ransomware and data breaches impact compliance, and what “reasonable and appropriate safeguards” really mean in practice.

The session will focus on real-world examples, common compliance gaps, and practical security controls that protect patient data while supporting clinical operations. Whether you are responsible for compliance, IT, security, or leadership oversight, this webinar will help you move beyond checklists toward defensible, risk-based HIPAA compliance.

• Explain the scope and intent of the HIPAA Privacy Rule and Security Rule, including how they apply to modern healthcare organizations and business associates.
• Identify common HIPAA compliance gaps that lead to breaches, enforcement actions, and audit findings—particularly in cloud and hybrid environments.
• Differentiate between administrative, physical, and technical safeguards and understand how each contributes to protecting electronic Protected Health Information (ePHI).
• Apply risk-based thinking to HIPAA compliance, including how to interpret “reasonable and appropriate” safeguards in real-world healthcare settings.
• Recognize how ransomware, phishing, and insider threats impact HIPAA compliance, and evaluate security controls that reduce patient safety and operational risk.
• Map HIPAA Security Rule requirements to industry best practices, including NIST Cybersecurity Framework and NIST SP 800-53 controls.
• Evaluate the roles and responsibilities of covered entities and business associates, including expectations for vendor risk management and shared responsibility models.
• Develop practical next steps to strengthen HIPAA compliance posture, including governance, policies, technical controls, and incident response preparedness.
  

• HIPAA Privacy Rule & Security Rule Overview
• Understanding what each rule covers, how they differ, and how they apply to today’s healthcare and business associate environments.
• Defining and Protecting ePHI
• What qualifies as ePHI, where it lives (EHRs, cloud, endpoints, backups), and why data location matters for compliance.
• HIPAA Safeguards Explained
• Practical interpretation of administrative, physical, and technical safeguards with real-world healthcare examples.
• Risk Analysis & Risk Management
• How to perform and maintain a defensible HIPAA risk analysis and translate findings into prioritized remediation actions.
• Common HIPAA Compliance Gaps
• Frequent causes of breaches and audit findings, including access control failures, insufficient logging, and weak vendor oversight.
• Ransomware & Cyber Threats in Healthcare
• How modern cyberattacks impact HIPAA compliance, patient safety, and breach notification obligations.
• Incident Response & Breach Notification
• What to do before, during, and after a security incident, including timelines and regulatory expectations.
• Vendor & Business Associate Risk Management
• Managing third-party risk, Business Associate Agreements (BAAs), and shared responsibility in cloud environments.
• Aligning HIPAA with NIST & Industry Best Practices
• Mapping HIPAA requirements to NIST CSF, NIST 800-53, and security controls commonly used by healthcare organizations.
• Practical Steps to Strengthen Compliance
• Actionable takeaways, quick wins, and a roadmap to move from checklist compliance to risk-based security maturity.
• Live Q&A Session
  

• Healthcare Executives & Leadership
• CEOs, COOs, CIOs, CISOs
• Practice administrators and hospital executives responsible for risk and compliance
• Compliance, Privacy & Risk Professionals
• HIPAA Compliance Officers
• Privacy Officers
• Risk Management and Governance professionals
• IT & Cybersecurity Teams
• Security Architects and Engineers
• SOC Analysts and Incident Response Teams
• Network, Cloud, and Infrastructure Engineers
• Healthcare IT Management
• IT Directors and Managers
• EHR Systems Administrators
• Health IT Operations leaders
• Cloud & DevOps Professionals
• Cloud Security Engineers (AWS, Azure, GCP)
• DevSecOps and Platform Engineering teams supporting healthcare workloads
• Clinical & Operational Leaders
• Clinical informatics leaders
• Department heads involved in patient data workflows
• Telehealth and digital health program managers
• Legal & Audit Teams
• Healthcare legal counsel
• Internal and external auditors
• Third-party risk and vendor management teams
• Business Associates & Vendors
• Managed Service Providers (MSPs)
• Healthcare SaaS providers
• Medical device and digital health vendors handling ePHI
• Incident Response & Crisis Management Teams
• Business continuity and disaster recovery planners
• Emergency preparedness coordinators
• Healthcare Startups & Innovators
• Founders and product leaders building HIPAA-regulated solutions
• AI, data analytics, and digital health innovators

Gus Hanna, PhD is an industry recognized cybersecurity and compliance leader with over 25 years of experience securing highly regulated environments across healthcare, government, and critical infrastructure. He has served in senior cybersecurity architecture, virtual CISO, and advisory roles for healthcare providers, medical device manufacturers, SaaS platforms, and public-sector organizations, leading HIPAA, HITRUST, FedRAMP, and NIST 800-53 compliance initiatives from design through audit.

Dr. Hanna brings deep, hands-on expertise in HIPAA Security and Privacy Rule implementation, including risk assessments, access controls, incident response, breach handling, third-party risk management, and cloud security for ePHI in AWS and hybrid environments. He has led security architecture and compliance programs supporting hospitals, clinical systems, medical imaging platforms, telehealth solutions, and regulated healthcare data platforms.

In addition to his industry leadership, Dr. Hanna is a university professor teaching graduate and undergraduate courses in cybersecurity, cloud security, incident response, and secure software engineering. He is a frequent conference speaker and panelist, including keynote presentations on AI, cloud security, and regulatory compliance. His ability to translate complex regulatory requirements into practical, operational guidance makes his sessions highly actionable for both technical and executive audiences.