Compliance & regulation

The HIPAA Security Rule is changing. Here's what it says about AI.

The first substantive HIPAA Security Rule update in twenty years is on the Department of Health and Human Services' regulatory agenda for May 2026. For hospitals, health plans, and the third parties that touch protected health information, this is the biggest change to HIPAA's technical and administrative requirements since the HITECH Omnibus Rule in 2013. The proposed rule also does something new: it names artificial intelligence as a technology that has to be inventoried, governed, and proven safe before it gets near patient data.

By Keith Kennedy, CISSP, Founder, Cognetryx. Published May 27, 2026. 14 min read.
HIPAA Security Rule update: the 2026 NPRM names AI as a technology asset under HIPAA

What changed, and when

OCR published the Notice of Proposed Rulemaking on January 6, 2025.[1] The public comment period closed March 7, 2025, with about 5,000 comments submitted. HHS placed final-rule action on its regulatory agenda for May 2026, which is now.[2] Whatever the final text says, the substance is unlikely to drift far from the proposal, because the proposal itself was the result of years of HHS workshops, breach data analysis, and stakeholder input.

The clearest signal in the proposal is that "required vs addressable" is going away. Today, a covered entity can decide that a particular Security Rule specification is "addressable" and implement a reasonable alternative. The proposed rule removes that flexibility for almost every specification. Encryption, multi-factor authentication, asset inventory, network segmentation, patch management, contingency plan testing, penetration testing, and annual compliance audits all become required.[3]

That shift matters on its own. The bigger shift, for anyone running AI in a healthcare setting, is what the proposed rule says about AI specifically.


AI is a technology asset, not a special case

That is the most important sentence in this piece, so it gets to stand alone.

The proposed rule treats AI software as just another category of system that touches electronic protected health information. The implication is that everything the Security Rule requires of any other ePHI system applies, with no carve-out for the model being new or the math being complicated. Four specific provisions flow from this.

Inventory. Any AI software that creates, receives, maintains, or transmits ePHI must be included in the covered entity's written asset inventory and network map.[4] That includes software you bought, software you built, and software your staff signed up for without telling IT. The proposed rule requires the inventory and network map to be reviewed and revised at least once a year, which means the AI inventory has to be a living document rather than a one-time exercise.

Risk analysis. The risk analysis and risk management requirements explicitly extend to AI. If you cannot tell an examiner the data your AI touches, the people who can access it, and how its decisions are reviewed, you are not meeting the standard.

Training data and model outputs. The proposed rule is specific that ePHI used as training data, embedded in model weights, generated as prediction output, or held as algorithmic intermediate data is protected. The protection follows the data into the AI system rather than stopping at the input.[5]

Audit logs. Audit logs are required for AI interactions involving PHI, the same way they are required for any other system that touches ePHI. That includes the prompt, the records the AI read, the answer, and enough context to reproduce the interaction during an examination.

The shift in posture

For years, the HIPAA conversation around AI vendors centered on the Business Associate Agreement. The proposed rule reframes the conversation. The BAA is still the legal instrument that defines responsibilities. It is no longer the answer to the compliance question. The covered entity has to inventory the AI vendor explicitly, document the data flow, run risk analysis on the system, and prove the controls during an annual compliance audit. A BAA without the rest does not satisfy the rule.


What hospitals have to do now

If the final rule lands close to the proposal, every health system has roughly the same five tasks to start on, regardless of size.

  1. Build a real AI asset inventory. Not the spreadsheet IT keeps. The one that lists every AI tool actually in use across clinical, billing, scheduling, supply chain, HR, and legal, including the unsanctioned ones staff signed up for. Because the proposed rule requires annual revision, this is a continuing program rather than a snapshot.
  2. Extend risk analysis to cover AI explicitly. Your existing risk analysis methodology has to absorb AI systems as a distinct asset class. Where the data goes. What controls protect it. What happens when the model is wrong.
  3. Lock down audit logging. Every AI interaction with ePHI needs the same audit-trail discipline as any other system that touches PHI. User identity, timestamp, source document referenced, output generated, and the ability to reproduce the interaction in an exam setting.
  4. Document the data flow. Your network map has to show where ePHI travels when it gets to an AI tool. If you cannot draw that diagram clearly, you cannot prove compliance, and you cannot answer the audit question that will be at the center of every OCR review going forward.
  5. Prepare for annual compliance audits. The proposed rule makes annual audits mandatory.[3] Whatever your AI deployment looks like, it has to survive scrutiny once a year. That is a different posture from "we ran a risk analysis when we bought the tool."
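As an added illustration (not code from the article, the NPRM, or Cognetryx), the following Python sketches an append-only, hash-chained audit log for AI interactions with ePHI that records the fields listed under "Audit logs" and in task 3 above: user identity, timestamp, the records the AI read, the prompt, the output, and a model identifier so the interaction can be reproduced in an exam setting. The field names, sample entries, and record identifiers are constructed for the example, and the hash chain is a common tamper-evidence technique rather than something the proposed rule prescribes.

```python
import hashlib
import json

# Field names are this example's own choice, not terminology from the proposed rule.
REQUIRED_FIELDS = ("user_id", "timestamp", "model_id", "prompt", "records_read", "output")
GENESIS = "0" * 64

def _digest(body: dict) -> str:
    """Hash canonical JSON so an entry always hashes the same way."""
    data = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(data).hexdigest()

def missing_fields(entry: dict) -> list:
    """Required fields the entry lacks; empty means the interaction can be reproduced."""
    return [f for f in REQUIRED_FIELDS if f not in entry]

def append_entry(log: list, entry: dict) -> dict:
    """Validate an entry, chain it to the previous entry's hash, and append it."""
    missing = missing_fields(entry)
    if missing:
        raise ValueError(f"audit entry missing required fields: {missing}")
    body = dict(entry, prev_hash=log[-1]["entry_hash"] if log else GENESIS)
    body["entry_hash"] = _digest(body)  # hash covers prev_hash, so entries are linked
    log.append(body)
    return body

def verify_chain(log: list) -> bool:
    """True if every entry is complete, hashes correctly, and links to its predecessor."""
    prev = GENESIS
    for e in log:
        body = {k: v for k, v in e.items() if k != "entry_hash"}
        if missing_fields(e) or e["prev_hash"] != prev or _digest(body) != e["entry_hash"]:
            return False
        prev = e["entry_hash"]
    return True

def demo() -> tuple:
    """Constructed sample: two logged interactions, then a silently edited copy."""
    log = []
    append_entry(log, {"user_id": "clinician-17", "timestamp": "2026-05-27T09:14:02Z",
                       "model_id": "summarizer-v3.2", "prompt": "Summarize recent labs",
                       "records_read": ["MRN-000123/labs/2026-05-26"], "output": "Potassium trending up"})
    append_entry(log, {"user_id": "billing-04", "timestamp": "2026-05-27T09:20:45Z",
                       "model_id": "coder-v1.0", "prompt": "Suggest a visit code",
                       "records_read": ["MRN-000123/encounter/8841"], "output": "E/M level 4"})
    tampered = json.loads(json.dumps(log))
    tampered[0]["output"] = "No concerns"  # an edited AI answer breaks the hash chain
    return verify_chain(log), verify_chain(tampered)
```

An examiner (or an internal annual audit) can re-run `verify_chain` over the exported log to confirm that every recorded interaction is complete and that no entry was altered after the fact.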

The architectural conversation is the compliance conversation

The hardest part of the new requirements is not the inventory or the risk analysis or the audit logs in the abstract. Those have all been in HIPAA in some form for years. The hardest part is proving them when the AI is in someone else's cloud.

When ePHI travels to a third-party AI service to get an answer, the audit trail and the data-flow diagram and the risk assessment all have to extend to that vendor's environment. The annual compliance audit has to look at whether the vendor's controls held up. If the vendor's controls fail, your compliance posture fails with them.

When the AI runs inside your own network, the proof is easier because the AI is just another system inside the boundary your security team already secures. The inventory, the network map, the audit log, and the risk analysis are all yours to produce on your own equipment. The new rule's requirements are still real. You are answering them about your own house rather than about a vendor's.

This is the same architectural argument the breach record makes. The 2025 OCR data shows that 35.8% of large healthcare breaches happened at business associates, the third-party vendors that handle PHI on behalf of covered entities. The full breakdown is here. Adding another business associate, especially one whose value proposition depends on processing more PHI faster, expands the surface that the new Security Rule is going to ask hard questions about.


Penalties and enforcement

Civil penalties under HIPAA reach $50,000 per violation in the top tier, with annual caps that escalate based on the entity's awareness of the violation. Criminal penalties for knowing violations can reach $250,000 in fines and ten years' imprisonment.[6] Those numbers are not new, but the proposed rule expands the set of behaviors that become violations, because more specifications become required and the audit creates more documented evidence of either compliance or its absence.

The first enforcement actions under the new rule will not arrive on the day it goes into effect. They will arrive twelve to thirty months later, in the OCR investigations of breaches reported in 2026 and 2027. Hospitals that have already inventoried their AI, run risk analysis on it, and can produce the audit trail will be in a different position from hospitals that have not.

Map your AI footprint before the rule finalizes

A short AI Strategy Assessment maps where AI is already in use across your institution, where ePHI is exposed, and what running it inside your own environment would take. No data leaves your walls to find out.

Book a free AI Strategy Assessment

Frequently asked questions

When does the new HIPAA Security Rule take effect?

OCR published the Notice of Proposed Rulemaking on January 6, 2025. The public comment period closed March 7, 2025. HHS placed final-rule action on its regulatory agenda for May 2026, and OCR has confirmed it intends to finalize the rule. Once a final rule is published, covered entities typically have 180 days to comply, though some specifications can carry longer timelines.

Does the proposed rule apply to AI that does not directly process patient records?

The proposed rule applies to any electronic system that creates, receives, maintains, or transmits electronic protected health information. AI tools that read schedules, billing records, claims data, or messages between staff are in scope if those records contain ePHI. The rule treats AI as a category of technology asset, not as a special use case, so the inventory, risk analysis, and audit requirements follow the data.

Is a Business Associate Agreement enough to cover an AI vendor under the new rule?

A BAA remains the legal instrument that defines responsibilities, but the proposed rule's compliance audit, asset inventory, and risk analysis requirements push past the BAA. The covered entity has to inventory the AI vendor explicitly, document the data flow, and prove the controls during an annual compliance audit. The audit looks at substance, not paperwork, so a BAA without the rest does not satisfy the rule.

What is required under the new annual compliance audit?

The proposed rule requires covered entities and business associates to perform an audit at least once every twelve months to confirm Security Rule compliance. The audit covers the asset inventory, the network map, the risk analysis, technical safeguards including encryption and multi-factor authentication, and the contingency plan. For organizations using AI, the audit also looks at the AI-specific inventory, the AI risk analysis, and the AI audit logs.

Does on-premises AI satisfy the new rule automatically?

No architecture satisfies HIPAA automatically. The proposed rule's requirements (inventory, risk analysis, audit logs, network mapping, annual audit) apply to any system that touches ePHI, including one deployed on-premises. What on-premises AI does is make the requirements easier to answer, because the inventory, network map, audit log, and risk analysis are all about systems inside the boundary the institution already secures, rather than a third-party vendor's environment.


Sources

  1. U.S. Department of Health and Human Services, Office for Civil Rights, HIPAA Security Rule To Strengthen the Cybersecurity of Electronic Protected Health Information. Notice of Proposed Rulemaking, Federal Register, January 6, 2025. federalregister.gov/documents/2025/01/06/2024-30983
  2. HHS Office of Information and Regulatory Affairs, Unified Agenda of Regulatory and Deregulatory Actions, RIN 0945-AA22. Final-rule action listed for May 2026. reginfo.gov
  3. HHS Office for Civil Rights, HIPAA Security Rule Notice of Proposed Rulemaking to Strengthen Cybersecurity for Electronic Protected Health Information. Fact sheet covering the removal of the required vs addressable distinction, mandatory MFA, encryption, annual audits, and asset inventory. hhs.gov/hipaa/for-professionals/security/hipaa-security-rule-nprm/factsheet
  4. NPRM at section 164.308(a)(1), proposed asset inventory and network map requirements, naming AI software that creates, receives, maintains, or transmits ePHI as an in-scope technology asset.
  5. NPRM preamble discussion of artificial intelligence, quantum computing, and emerging technologies, including the treatment of ePHI as training data, embedded in models, and generated as outputs.
  6. 42 U.S.C. § 1320d-5 (civil penalties) and 42 U.S.C. § 1320d-6 (criminal penalties) under HIPAA, as updated by the HITECH Act and adjusted for inflation under the Federal Civil Penalties Inflation Adjustment Act. hhs.gov/hipaa/for-professionals/compliance-enforcement

This article is informational and not legal or compliance advice. The proposed rule has not been finalized as of publication, and the final text may differ. Confirm how any provision applies to your institution with your own counsel and your OCR-facing compliance team.