Blog, Chirosecure Live Event February 16, 2026

HIPAA – New Year Expectations – Are You Ready?


Disclaimer: The following is an actual transcript. We do our best to make sure the transcript is as accurate as possible, however, it may contain spelling or grammatical errors.  We suggest you watch the video while reading the transcript.

Hey everybody. Good morning. Good afternoon. This is Dr. Perry Barnhill with the Fearless Provider, and I want to give a big thanks to ChiroSecure for bringing this show to you today. You really need to pay attention. We are going to talk about some new things that you have to have in HIPAA for 2026. Go to slideshow please.


Again, my name is Dr. Perry Barnhill. I am with the Fearless Provider. Myself and Dr. Julie McLaughlin wanna bring this show to you regarding some of the new and very, very important changes that you need to be aware of for 2026. Now, one, we are providers just like you. It’s very important to know that we understand what it’s like to be in your shoes.

We also understand what it’s like to be on the other side of the fence in regards to compliance. And specifically here, HIPAA. We know what they’re thinking, we know what they’re looking for. So we combine our expertise in the world of being a provider, healthcare like you guys, and also in the world of compliance and our real world experience in practice.


So let’s get into this. Let’s talk about what’s new in the new year for HIPAA. Some expectations. And are you ready? ’Cause you have to be ready. Okay. Why this matters more now than ever. I know we say this a lot, but there are changes frequently and it’s very confusing in the world of HIPAA specifically.

So one of the things I wanna talk about is this, and that’s enforcement. The enforcement with HIPAA continues to increase, and the reason that it continues to increase is, quite frankly, the OCR, the Office of Civil Rights, has pretty much told us for years and years and years, you have to be aware of this.

The fact that you say, or maybe you want to tell us that you don’t know, you should be doing certain things. It falls on deaf ears now. They don’t buy it anymore. And the other thing is this too. In fact, they just came out with this, believe it or not, the fines actually rise with inflation, if you believe that or not each year, and I shouldn’t say each year, but most years the fines and the penalties go up and they just announced that they just went up.

Learn More Links:

https://www.fearlesscompliance.org/

Want to find out your HIPAA score:

https://hipaariskscore.com/

So you don’t wanna be in the shoes, or you don’t wanna be at the receiving end of any kind of fines or any kind of penalties. And technology risk? It’s higher than ever. We know about cyber criminals. We hear about ransomware, we hear about phishing attacks. We hear about things that people’s emails get compromised, their websites get compromised, and guess what?

A lot of times that could include patient protected health information, which you are responsible a hundred percent to protect at rest and in transit. Now patients expect compliance and they also expect privacy. Here’s the other thing too, the additions and some of the deletions to your notice of patient privacy policy.

And guess what? Depending on when you hear this, this starts February 16th, 2026. You have to have updated notice of patient privacy policies available, and you have to notify your patients about those things, which we have all of that. Now, let’s get into some of this again, the biggest HIPAA risk for 2026, and that is unsecured technology that can fall on many, many different avenues.

And what do I mean by this? What I mean by this is it can be in your office. Because maybe staff’s not aware of certain things they need to protect, what they should say or what they shouldn’t say. Or even more importantly, these days with technology, what they should and shouldn’t click. What links are good and what links may not be good.

They have to be aware of this. Business associates not being compliant. Did you know that if one of your business associates, and what I mean by business associates is anybody that you do business with that has access to protected health information that you have on your patients, they have to be just as HIPAA compliant as you do because they have that information.

So you have to make sure all of your business associates, one, have a business associate agreement on file, and two, that they’re aware of some of these new changes that are coming down the pipe. Of course documentation. It’s always one of the burdens that we have as providers is documentation with several things in our office.

But in this context, HIPAA, you have to document these things in your manuals. You have to document that you’re doing training. In fact, we’re just, we’re doing a training on this notice of patient privacy policy. Now that one, here’s the updated form, and two, these are the things you need to do in order to train your staff and be compliant.

You have to do these things. Lack of training, I just kind of talked about that. You have to train your staff on all the changes that come up. And you know what? It’s not really that hard. It’s not rocket science, but not knowing what you need to know and how to do it is why it becomes so very, very difficult.

And if you go through the training, you’ll understand what it is that you need to do. Inconsistent policies and documents being followed. We have to be consistent. We have to be consistent on things that we’re actually training. If we’re training something, it means that we should be implementing them and we should be doing those things.

So again, let’s go over this. What’s changed recently that doctors and providers need to be aware of? Well, again, the expectations are stronger for ongoing training because the OCR, the Office of Civil Rights, the police of HIPAA, they’re frankly tired of saying, Hey, listen, you need to be aware of these things, and if you’re not doing them.

If they don’t care as much as they used to. There’s no excuse these days. Basically, the crackdown on improper access and data sharing. If you’re sharing patient’s information with areas or people you’re not supposed to, they don’t have much tolerance for it these days. Scrutiny on cyber incidences, like I talked about, ransomware, phish incidences.

You have to be prepared for these things. You have to, one, do everything you’re supposed to in regards to HIPAA to prevent these things from happening. If they do happen, you have, if they do happen, you have to know what it is you have to do in response to those things. So greater expectations of leadership, accountability, there’s no excuses anymore.

Not knowing is not an excuse. So, and the last thing that I’ve talked about already is that notice patient privacy policy. Again, this changes February 16th. You have to have this updated, absolutely have to have this updated now. Policies and procedures, we’ve talked about this in the past. They’re living documents.

It’s not just something you can throw up on your shelf and just put in your manual and not do anything about. So they must match what you actually do. If you have a policy, and by the way, there’s a ton of policies and procedures that you are absolutely required by law to have, that you have to have in your manual, and you have to actually be doing the things that you say you’re doing.

They must be updated. Like for example, this notice of patient privacy policy has to be updated. There’s no excuse if you don’t have it updated, and it must be accessible to your team and defensible, meaning if you put it out there, you better be able to defend what it is you’re actually doing and make sure it is, or what you’re doing is actually correct and you’re abiding by all the rules and the laws in the context of HIPAA.

So the training in ’26, 2026, it’s not optional. Every staff member, they need to understand HIPAA. They don’t have to understand every little tiny detail, but there’s certain things they have to know and they have to be aware of, and that has to be in your training. In fact, all new hires within 45 days have to be trained.

I mean, there’s things that you should be training on prior to that, but there’s certain things they absolutely have to do within a period of time. Annual refreshes, they’re expected. In fact, they’re required. And you must document these trainings and these requirements in some kind of training log. And in many of these training logs, you should be having your staff sign the documents.

They’ve actually been trained on them. So if they ask you, and when I mean they, the Office of Civil Rights, essentially enforcers of the, or the police of HIPAA. If they ask you if you’ve done these trainings, you can provide them with the documentation that shows you’ve actually done those. It’s very important. Technology security, a reality check.

You know, are your devices secure? These things always scare me when we talk to our providers out there, like, Hey, are you making sure that the email you send out that contains PHI, protected health information, is it protected? Is it secure? Not only in your office, but is it secure while it’s in transit?

So there’s stored information and there’s information that we send out that we call in transit. Is your PHI properly protected? Is your data backed up? You know, what if something happens? Is it backed up? And where is it backed up? These are all policies and procedures that we need to have. Do we have a cyber response plan?

So if something happens, what do we do? We have to have these things written down. What about our business associates that I talked about earlier? Again, who are they? You know, our business associates, again, are third party vendors that handle our protected health information. I’ll give you an example of one, a billing company.

They are a business associate, so one, you have to have a business associate agreement on file. So the second bullet point here is you must have BAAs and you gotta confirm that they’re actually compliant. It doesn’t mean you just give it to ’em and never reach out to ’em. You gotta double check with them.

Make sure, are you doing the things we’re supposed to? We have an accountability to our patients to make sure we’re doing the things properly with our business associates. So if they make a mistake and if they breach, guess what? We’re still responsible. There’s certain things we have to do if that happens and it does happen.

So a simple New Year, HIPAA plan, if nothing else. Do these things. You have to at least update the current manuals you have. If you don’t have one, for sure, reach out to us. ’cause we have all that information. You have to create one, you have to do the staff training. You have to confirm your business associates.

Like I just said. You have to review your cyber readiness like we’ve discussed. And again, you gotta document everything. We’re all about reassurance and empowerment. You don’t have to figure this out alone. We know what it’s like to be you. We do. We’ve been there. We’ve done that. If there’s a simple system, you know, providers just like you are doing it, and this is absolutely achievable ’cause we help hundreds of providers all the time, each and every week across the country with their HIPAA needs.

You want help making HIPAA compliance simple and organized and stress-free? Well, we have a step-by-step guidance. We have monthly training, we have annual training, and we have policies in our program that’s ready to use and you can put in place, literally from day one. But I think what’s most important is we have ongoing resources and we have updates to the changes.

Like I said, there’s an update starting next week whenever you’re listening to this. That’s February 16th, 2026 that you have to have. All right, and this is built from real world experience. From real world healthcare offices like myself and Dr. Julie, so we understand again, both sides of the fence. 2026 is the year that you stop worrying about HIPAA and you finally feel confident and secure and compliant.

’Cause we know what it’s like when you don’t. You’re scared, you’re nervous, you’re hoping it’s not gonna happen to you. But believe me, these days things are happening and you need to make sure you’re ready. So what are some of the next steps to consider? If you have more questions, reach out to us. You can go to fearlesscompliance.org.

There’s clicks there where you can reach out to us. Or if you have specific questions, feel free to contact us and ask us questions at info@betterhipaablueprint.com. You can check out our program. You can go right to fearlesscompliance.org or simply scan the QR code here and it’ll take you right to that site.

We want to give everybody thanks for joining this program here, but we also want to thank ChiroSecure for sponsoring the program. In the meantime, everybody have an amazing rest of your day.
