HIPAA 2026 Compliance Checklist for Healthcare Providers
January 29, 2026
Use this checklist to quickly assess your organization's readiness for the upcoming HIPAA Security Rule update.
1. Core Technical Safeguards
✅ MultiFactor Authentication (MFA) enabled on all systems
✅ Regular vulnerability scans performed
✅ Annual penetration test completed
✅ Audit logging enabled across all PHIrelated systems
✅ Audit logs reviewed using a documented schedule
2. Annual Testing & Documentation
✅ Annual HIPAA Security Risk Analysis completed
✅ Updated system inventory included in documentation
✅ Updated data flow diagrams created
✅ Annual incident response drill conducted
✅ Annual backup and disaster recovery testing performed
✅ All security policies reviewed and updated
3. Business Associate (BA) Oversight
✅ Updated list of all Business Associates maintained
✅ Signed and current BAA for every BA
✅ Annual BA compliance review conducted
✅ Documentation of vendor assessments retained
✅ Verification that each BA complies with updated HIPAA requirements
4. Administrative Safeguards
✅ Annual HIPAA security training completed by all staff
✅ Unique login credentials for all users
✅ Formal onboarding and offboarding process maintained
✅ Access privileges reviewed annually
✅ Policies for handling PHI updated and enforced
5. Physical Safeguards
✅ Secure workstation policies implemented
✅ Physical access to servers and networking equipment restricted
✅ Visitor access logged and monitored
✅ Mobile devices encrypted and able to be remotely wiped
✅ Facility security controls reviewed annually
6. Operational Readiness
✅ Annual cybersecurity budget approved
✅ IT/MSP aligned with HIPAA rule updates
✅ Clear ownership of compliance responsibilities assigned
✅ Gaps identified through assessments have remediation plans
✅ Continuous monitoring practices established
