The Proposed 2026 HIPAA Security Rule Update: What Changes for AI Vendors

The HIPAA Security Rule has not been meaningfully updated since 2003. The proposed 2026 rule treats every "addressable" safeguard as required, demands annual technical verification by subject-matter experts, and pulls AI vendors squarely into the regulatory crosshairs.

What the law actually says

flowchart TD
  In[Patient interaction] --> MinNec{Minimum necessary?}
  MinNec -->|yes| Process[AI process]
  MinNec -->|no| Reject[Block + log]
  Process --> Encrypt[(AES-256 at rest)]
  Encrypt --> DB[(PostgreSQL)]
  Process --> Audit[(Audit trail)]
  DB --> Right[Right of access §164.524]

On December 27, 2024, the HHS Office for Civil Rights (OCR) published a Notice of Proposed Rulemaking (NPRM) at 90 Federal Register 898 to modify the HIPAA Security Rule at 45 CFR Part 164, Subpart C. The comment period closed March 7, 2025, and OCR has kept the final rule on its Unified Agenda for May 2026.

The NPRM proposes the most significant changes to the Security Rule since 2003. The biggest structural shift is the elimination of the long-standing "required vs addressable" distinction in 45 CFR 164.306(d). Every implementation specification becomes mandatory, with limited and well-documented exception paths. The proposal also introduces a written technology asset inventory, an enterprise-wide network map, mandatory multi-factor authentication for access to relevant electronic information systems, encryption of all ePHI at rest and in transit (with very narrow exceptions), and a requirement that business associates verify in writing — at least once every 12 months — that they have deployed the technical safeguards required by 45 CFR 164.312. That verification must be conducted by a subject-matter expert.

The proposed risk analysis at 45 CFR 164.308(a)(1) is no longer a one-page templated exercise. OCR proposes that the risk analysis explicitly include a written assessment of the criticality of relevant technology assets, a written assessment of threats to the confidentiality, integrity, and availability of ePHI, and a written evaluation of the likelihood and impact of those threats — including threats arising from the use of artificial intelligence.

What this means for AI voice and chat agents

Every AI voice or chat vendor that touches PHI on behalf of a covered entity is a business associate under 45 CFR 160.103. Under the proposed rule, that vendor will need to: maintain a written technology asset inventory of every model, embedding store, vector database, and telephony component in the PHI path; perform an annual third-party verification of technical safeguards; encrypt PHI at rest and in transit by default; deploy MFA on every administrative interface; and run a risk analysis that names AI-specific threats — prompt injection, training-data leakage, model hallucination, sub-processor drift, and audio re-identification.

The "addressable" escape hatch is closing. A vendor that today claims encryption is "addressable" because of latency concerns will need to either deploy encryption or document, in writing, why it is infeasible and what compensating control replaces it. Buyers should expect their compliance review burden to drop because vendors will be doing the writing themselves.

How CallSphere implements

CallSphere is HIPAA-aligned and SOC 2-aligned, and the architecture already meets most of the proposed 2026 controls. PHI in our Healthcare Voice Agent lives in a dedicated, encrypted PostgreSQL instance called healthcare_voice (one of 115+ tables across our platform) with AES-256 at rest and TLS 1.3 in transit. Every administrative interface enforces MFA via JWT plus second-factor. We maintain a written technology asset inventory covering all 37 production agents and 90+ tools. Post-call analytics record sentiment scores from –1.0 to +1.0, lead scores from 0 to 100, and a full AI summary alongside an immutable audit trail of every tool invocation. Behavioral-health customers start at /lp/behavioral-health; general healthcare buyers can explore /industries/healthcare. 50+ businesses across 6 verticals are running on the platform with a 4.8/5 rating. Pricing and trial details are on /pricing and /trial.

Compliance and build checklist

1. Map every PHI flow through your AI voice or chat stack and write it down — not just a diagram, a written narrative.
2. Build a technology asset inventory: every model, vector store, audio pipeline, telephony leg, and analytics tool.
3. Confirm every implementation specification is deployed, not "addressable." Document exceptions in writing.
4. Encrypt ePHI at rest with AES-256 and in transit with TLS 1.2 minimum (1.3 preferred).
5. Enable MFA on every administrative interface — vendor portal, EHR connector, audit dashboard.
6. Schedule the annual subject-matter-expert verification of technical safeguards — calendar it now.
7. Update your risk analysis to name AI-specific threats explicitly: prompt injection, training leakage, hallucination.
8. Confirm every sub-processor (LLM, ASR, TTS, vector DB, hosting) holds a downstream BAA.
9. Validate the BAA contains a 60-day-or-less breach notification clause aligned to 45 CFR 164.410.
10. Tabletop a ransomware scenario — the NPRM proposes mandatory contingency-plan testing.
11. Stand up a written backlog of remediation items with owners and dates ahead of final-rule publication.

FAQ

Is the 2026 Security Rule update final? Not as of May 2026. OCR's most recent Unified Agenda lists a final rule for May 2026, but the comment period closed March 7, 2025 and a coalition of 100+ hospital systems pushed back hard. Plan as if it will land — early adopters carry less risk.

Does "addressable" really go away? Under the NPRM, yes. Every implementation specification becomes required, with narrow, documented exception paths replacing the addressable category at 45 CFR 164.306(d).

Will small practices get an exemption? The NPRM does not propose a small-practice exemption. Scale of effort is expected to remain proportional, but the controls themselves apply.

Does the rule mention AI by name? Yes. The NPRM preamble explicitly identifies AI-related threats as part of the risk analysis at 45 CFR 164.308(a)(1) and discusses AI-driven ransomware as a motivating threat.

Sources

• HHS NPRM Fact Sheet, HIPAA Security Rule: https://www.hhs.gov/hipaa/for-professionals/security/hipaa-security-rule-nprm/factsheet/index.html
• Federal Register, NPRM (90 FR 898, December 27, 2024): https://www.federalregister.gov/documents/2025/01/06/2024-30983/hipaa-security-rule-to-strengthen-the-cybersecurity-of-electronic-protected-health-information
• 45 CFR 164.306, eCFR: https://www.ecfr.gov/current/title-45/section-164.306
• 45 CFR 164.308, eCFR: https://www.ecfr.gov/current/title-45/section-164.308
• 45 CFR 164.312, eCFR: https://www.ecfr.gov/current/title-45/section-164.312