Blog

  • PCI Requirement Changes: What You Need to Know in 2026

    As we move into 2026, organizations handling cardholder data must stay ahead of evolving PCI requirements to maintain compliance and reduce security risks. Since the release of PCI DSS v4.0, several key updates have reshaped how businesses approach compliance—shifting from rigid checklists to a more flexible, risk-based security model. Unlike earlier updates (such as the 2018 changes under PCI DSS v3.2), the latest PCI requirements introduce customized approaches, stricter authentication controls, and expanded security validation measures.

    Key PCI Requirement Deadlines to Know (2026)

  • PIN on Glass – Intro, Benefits, Obstacles

    PIN on Glass refers to a technology that allows customers to enter their PIN securely on a touchscreen device, such as a smartphone or tablet, instead of using a traditional physical keypad.

    The PCI Security Standards Council (PCI SSC) introduced new standards to support this approach. Known as the Software-based PIN Entry on COTS (SPoC) standard, it defines how secure PIN entry can be achieved on commercial off-the-shelf (COTS) devices.

    Instead of relying on dedicated payment terminals, PIN on Glass enables merchants to accept secure PIN-based transactions using everyday devices. These solutions combine a secure PIN entry application with additional hardware, such as a Secure Card Reader for PIN (SCRP), to protect sensitive cardholder data.

    The standard also supports both contact and contactless EMV transactions, ensuring that PIN on Glass solutions meet the same security expectations as traditional payment terminals.

  • Developing a HIPAA-Compliant Incident Response Plan

    Organizations operating in or supporting the healthcare industry must maintain HIPAA compliance, and a well-defined Incident Response Plan is a critical part of that requirement.

    An effective Incident Response Plan helps organizations quickly identify, contain, and remediate security incidents involving protected health information (PHI), reducing both risk and regulatory exposure.

    While there are many ways to structure a plan, aligning your approach with proven government frameworks—such as those recommended by NIST—ensures your response is both compliant and effective.

    Is your organization fully HIPAA compliant? Schedule a consultation to assess your Incident Response Plan and identify any gaps.

  • Changes Impacting Covered Entities Under HIPAA in 2026

    Covered entities under HIPAA are entering a pivotal period in 2026, as regulators move forward with some of the most significant updates to the framework in over a decade. These changes are designed to strengthen data protection, modernize security expectations, and address the growing complexity of today’s digital healthcare environment.

    For covered entities—including healthcare providers, health plans, and clearinghouses—the impact will be immediate and far-reaching. Updated requirements will place greater emphasis on risk analysis, stricter security controls, and faster breach response timelines. At the same time, business associates that handle protected health information (PHI) must also align with these evolving standards.

    As enforcement activity increases in 2026, organizations can no longer rely on outdated compliance programs. Covered entities must proactively reassess their HIPAA policies, technologies, and safeguards to remain compliant, reduce risk, and avoid costly penalties.

  • Cloud Infrastructure Security in Healthcare

    Cloud computing has transformed how healthcare organizations store, manage, and access sensitive data. From electronic medical records (EMRs) to telehealth platforms, cloud technologies now play a critical role in modern care delivery. However, as adoption grows, so do security risks. Cloud infrastructure security has become a top priority for healthcare organizations that must protect sensitive systems and safeguard protected health information (PHI).

    Due to strict regulatory requirements like HIPAA, organizations must go beyond basic cloud protections. They need a comprehensive approach to cloud infrastructure security in healthcare, one that ensures compliance, reduces cyber risk, and maintains patient trust.

  • Implementing HIPAA Security Rule: Technical Safeguards for Electronic PHI

    The HIPAA Security Rule establishes a structured framework to protect electronic protected health information (ePHI), ensuring its confidentiality, integrity, and availability to authorized users. Technical safeguards are a core requirement of HIPAA compliance. These safeguards use technology to secure ePHI against unauthorized access, improper alteration, and transmission risks.

    As cyber threats continue to evolve, implementing strong technical safeguards is essential for healthcare organizations to protect sensitive data and maintain compliance. In this blog, we’ll break down the key components of technical safeguards and provide practical guidance for effective implementation.

  • Understanding the NIST Cybersecurity Framework to HIPAA Crosswalk

    As cyber threats targeting Protected Health Information (PHI) continue to rise, healthcare organizations must improve how they protect sensitive data. One proven approach is using the NIST Cybersecurity Framework (NIST CSF). Its guidelines align well with HIPAA’s privacy and security rules, helping you strengthen compliance and reduce risk.

    The NIST Cybersecurity Framework (CSF) includes trusted, standardized security controls that enhance HIPAA safeguards. It helps healthcare organizations build stronger, more efficient cybersecurity programs that keep sensitive data safe from new and evolving threats. Keep reading to see how NIST CSF and HIPAA work together to protect your healthcare data.

  • How to File a HIPAA Complaint

    If you believe your protected health information (PHI) has been mishandled, exposed, or accessed without permission, you have the right to file a HIPAA Complaint and hold the responsible party accountable.

    The Health Insurance Portability and Accountability Act (HIPAA), enacted in 1996, establishes strict standards for safeguarding sensitive patient data. When these standards are violated, individuals can take action by submitting a formal HIPAA complaint.

    Most HIPAA complaints are investigated by the Office for Civil Rights (OCR), a division of the U.S. Department of Health and Human Services (HHS).

  • Stay HIPAA Compliant with a Business Associate Agreement

    If your organization provides services to healthcare entities, such as IT support, cloud storage, billing, or legal services, you may be legally required to sign a HIPAA Business Associate Agreement (BAA).

    This agreement ensures that your organization complies with the Health Insurance Portability and Accountability Act (HIPAA) when handling or accessing protected health information (PHI).

    Entering into a BAA means committing to partial or full HIPAA compliance, which includes conducting risk assessments, implementing security controls, and maintaining appropriate data protection policies.

  • Summary of the HIPAA Privacy Rule

    If your organization handles medical records or patient data in any capacity, the HIPAA Privacy Rule likely applies to you.

    The HIPAA Privacy Rule is a core component of the Health Insurance Portability and Accountability Act (HIPAA). It establishes national standards for how protected health information (PHI) must be used, disclosed, and safeguarded to protect patient privacy.

    This rule applies not only to healthcare providers like hospitals and physicians, but also to health plans, billing companies, IT vendors, and other third-party service providers that interact with PHI.

    These organizations are classified as covered entities and business associates, and both are required to comply with the HIPAA Privacy Rule to avoid violations.

    In this guide, we provide a clear summary of the HIPAA Privacy Rule, including who it applies to, what information it protects, and the key requirements your organization must follow to stay compliant.

    Whether you’re a healthcare provider or a vendor supporting the industry, understanding the HIPAA Privacy Rule is essential for avoiding costly penalties and maintaining patient trust.