phi
Safeguard articles tagged "phi" — guides, analysis, and best practices for software supply chain and application security.
6 articles
A HIPAA technical safeguards checklist for application security teams
HHS reported 663 large healthcare breaches in 2024 exposing 242.9M records. Here's how §164.312's technical safeguards map to concrete app-sec controls.
HIPAA Security Rule Update: What the 2026 Final Rule Will Require
HHS published the HIPAA Security Rule NPRM in January 2025. Finalization is on the agenda for 2026. Covered entities and business associates need to start work now.
HIPAA and the Software Supply Chain in 2026
The HIPAA Security Rule has not changed, but OCR enforcement and the 2024 NPRM are reshaping what supply chain controls covered entities and business associates must demonstrate.
Healthcare Supply Chain Security Baseline for 2026
What hospitals and payers should actually require from their software vendors in 2026: HIPAA-aligned controls, SBOM expectations, and the threats now hitting clinical environments.
HIPAA Security Rule NPRM: Encryption, MFA, and the End of 'Addressable'
OCR's December 27, 2024 NPRM removes the addressable/required distinction and mandates encryption, MFA, semi-annual vulnerability scans, and annual penetration tests for ePHI.
HIPAA and Software Supply Chain Compliance for Health Tech
HIPAA's Security Rule requires safeguards that extend to software dependencies. Here's what health tech developers and vendors need to address.