HIPAA Updates for 2024

HIPAA compliance

The Health Insurance Portability and Accountability Act (HIPAA) is the foundation for patient data protection in an ever-shifting modern healthcare sector.

Being aware of any legislation updates or changes is both an ethical and legal obligation for maintaining HIPAA compliance, delivering high-quality care, and ensuring patient privacy.

2024 brings significant changes to HIPAA in an attempt to address the complex nature of patient data management in an increasingly digital landscape. 

Below, you will find the fundamental changes to HIPAA impacting healthcare providers.

Key HIPAA Updates for 2024

The 2024 HIPAA updates will transform healthcare compliance, bolster cybersecurity, improve privacy, and expand patient rights.

Increased Cybersecurity Requirements

As the role of electronic health records (EHR) continues to expand, the need for increased cybersecurity has become obvious. 

This increased digitization and the proliferation of patient health information (PHI) have made the healthcare industry a prime target for cyberattacks. 

To ensure PHI security and the integrity of EHR systems, the 2024 HIPAA update has introduced stricter cybersecurity requirements including, enhanced risk assessments, incident response plans, and data encryption practices. We recommend reading the HSS planning document.

Expanded Privacy Protections

To further ensure PHI security, the 2024 HIPAA updates introduce provisions intended to extend patient privacy protections and reduce the threats to patient data that continue to emerge. 

Healthcare organizations are required to enact strict safeguards to protect sensitive patient information from internal and external threats. 

Following the standards established in the HIPAA Privacy Rule remain paramount. 

We recommend downloading the AMA-developed modifiable templates provided by the 


  • HIPAA privacy practice notice (DOCX)
  • HIPAA privacy request form (DOC)
  • HIPAA associate agreement (DOCX)
Updates on Breach Notification Requirements

The updated HIPAA requirements strengthen and clarify the requirements for breach notification.

These updates ensure that patients are notified promptly if there has been an unauthorized disclosure of their PHI. 

All healthcare organizations must establish a detailed breach notification plan. The plan should include procedures for identifying, investigating, and reporting the breaches to the Department of Health and Human Services (HHS)

Bookmark these portals for breach submission to the HHS:

Enhanced Patient Rights and Access

Many of the recent HIPAA updates are designed to give patients greater access to and control of their health data

These updates include

  • Allowing patients to inspect PHI in person and take notes or photographs of their PHI.
  • Allowing patients to obtain copies of their medical records in electronic form and to request corrections to inaccurate information.
  • Reducing the maximum time to provide access to PHI from 30 days to 15 days.
  • HIPAA-covered entities must post estimated fee schedules on their websites for PHI access and disclosures.
  • HIPAA-covered entities must provide individualized estimates of the fees for providing an individual with a copy of their own PHI.
  • Restricting the right of individuals to transfer ePHI to a third party, limiting this knowledge to only systems maintained by an EHR.


Your Guide To Patient Rights

Patients must be able to 

Clinics are required to

Inspect their personal information and take notes or photographs of their PHI

Reduce the maximum time to provide patient access from 30 to 15 days

Obtain copies of medical records in electronic form and request corrections

Post estimated fee schedules on their websites

Transfer their electronic personal information but only to electronic healthcare record systems

Provide individualized estimates of fees for providing an individual with a copy of their PHI

Maintaining HIPAA Compliance in 2024 and Beyond

Here are a few additional things you can do to ensure you are positioned for a simpler transition and aware of any changes that may be coming your way.

HIPPA Compliance
Continuous Training

Continuous Training is the cornerstone of a resilient HIPAA compliance strategy. By embedding a culture of awareness and responsibility through regular staff training, healthcare organizations meet regulatory requirements and cultivate an environment where every team member takes an active role in the process.

This training extends to EHR software and internet security protocols. The more healthcare teams understand the technologies they are using, the more they can understand the potential risks. 

By conducting training sessions regularly, healthcare providers and admin teams will always be aware of the latest cybersecurity risks, the current level of protection offered at the server level, and the protections built into the EHR software. 

It is also wise to conduct training sessions around breach notification plans and any plans created for addressing cybersecurity risks. 

Conduct Regular Audits

Perform regular audits of your security measures, ensuring that they align with the latest HIPAA requirements. 

Regularly explore your security protocols to address any potential gaps and adapt to changing risks along with the changing legislation. 

When conducting audits, be sure to include an audit of the established procedures for patients exercising their privacy rights. These policies and procedures should be clear and accessible as well as HIPAA compliant.  

Engage in Industry Forums

Engaging in industry forums is a great way to stay informed on what is happening in healthcare. 

Forums provide an opportunity to learn more about upcoming or expective legislative changes and how they can be addressed. 

These platforms are a hotbed for insight, providing members with tips and advice on how to adapt. 

When you understand what has and has not worked for others, you can better understand what might work in your own organization.  

Staying in Line with CareTracker

There is little doubt that the amendments laid out above will create considerable challenges for healthcare providers and organizations. 

While the administrative burden may be higher during the transition period, it will lessen overall with time. 

The final rule is expected sometime in 2024, but no date has been given. This means there is time to begin updating policies and procedures and any necessary changes to notices of privacy practices. 

As you strive for HIPAA compliance in 2024, aligning with a trusted EHR provider like Harris CareTracker is instrumental. 

Our security system prioritizes HIPAA compliance ensuring all users are well-positioned to adapt to changes without negative consequences, downtime, or complicated technology upgrades. 

Adapting to HIPAA updates is an ongoing process. Harris CareTracker empowers you to provide quality care while maintaining the highest standards of patient data protection.

For information, or to request a consultation, contact Harris CareTracker.

Share The Post

Want to learn more about Harris CareTracker?

Subscribe to Our NewsLetter