What to Know About the 2025 HIPAA Security Rule Changes

In this episode of DAS Health’s Webinar Series, we sit down with our VP of Cybersecurity, Mike Spurr, to break down the critical updates to the 2025 HIPAA Security Rule and what they mean for healthcare organizations. With cyber threats evolving at an unprecedented rate, these changes introduce stricter data protection measures, enhanced access controls, and clearer compliance guidelines to safeguard Protected Health Information (PHI).

Our expert guest discusses key updates, including:
✅ Mandatory Multi-Factor Authentication (MFA) for all PHI access
✅ Automated vulnerability scanning & penetration testing requirements
✅ Stronger encryption mandates for data at rest and in transit
✅ Role-based access control (RBAC) enforcement to limit unnecessary access
✅ Stricter offboarding protocols to prevent lingering user access
✅ 72-hour recovery mandates for business continuity in case of a breach

We also explore the challenges healthcare providers may face in implementing these changes and practical steps IT teams can take to ensure compliance before enforcement begins. Whether you’re a healthcare executive, IT professional, or cybersecurity enthusiast, this episode is packed with actionable insights you won’t want to miss.