security-rule
Safeguard articles tagged "security-rule" — guides, analysis, and best practices for software supply chain and application security.
4 articles
A HIPAA technical safeguards checklist for application security teams
HHS reported 663 large healthcare breaches in 2024 exposing 242.9M records. Here's how §164.312's technical safeguards map to concrete app-sec controls.
The HIPAA Security Rule for Software Teams: Safeguards, Structure, and Change Ahead
The HIPAA Security Rule is technology-neutral by design, but its administrative, physical, and technical safeguards translate into concrete engineering work. Here's how the rule is structured and how a proposed 2025 overhaul could tighten it.
HIPAA and the Software Supply Chain in 2026
The HIPAA Security Rule has not changed, but OCR enforcement and the 2024 NPRM are reshaping what supply chain controls covered entities and business associates must demonstrate.
HIPAA Security Rule NPRM: Encryption, MFA, and the End of 'Addressable'
OCR's December 27, 2024 NPRM removes the addressable/required distinction and mandates encryption, MFA, semi-annual vulnerability scans, and annual penetration tests for ePHI.