Solutions
Integration & Consulting
Help you move, operate, innnovate and thrive within the Microsoft clouds.
Application Development
Data & Analytics
Artificial Intelligence (AI)
Business Applications
Security
Digital Workplace
Infrastructure
Product Development
Technology
Explore the full list of technologies that our expert consultants can support.
Azure
Microsoft Teams
Microsoft 365
Power Platform
Dynamics 365
Power BI
Microsoft Copilot
Power Apps
Azure OpenAI
Sharepoint
Microsoft Fabric
Microsoft Sentinel
Azure Synapse
Windows
SQL Server
ERP Technologies
System Center
Microsoft Viva
Azure Virtual Desktop
Business Needs
Departmental solutions to ensure cloud and technology enablement across every area of your business.
Sales & Marketing
Operations
Human Resources
Finance & Accounting
Customer Service
Localization Services
Help you translate software so you can capture new business worldwide.
Language Engineering & NLP
Translations & Localization
Licensing
Experts in Microsoft cloud licensing and optimizing costs for your business.
Cloud Solutions Provider (CSP)
Products
MazikCare
Embrace patient-centered, collaborative care with our suite of real-time health solutions.
Care Path
Care Provider Link
Care Supply
Payer Matrix
Data Fusion
EmPerform
Provide people managers with flexible employee performance management software.
ShopFloor
Empower production managers with cutting-edge manufacturing process management.
Velocity Insights
Monitor, analyze, and prioritize .NET, JavaScript or Node JS errors – all on one dashboard.
PowerGov
Engage citizens with a community development app for city maintenance and management.
Managed Services
Azure Management Services
Deliver on your cloud strategy with a team that continuously monitors, improves, and optimizes your Azure environment.
Data & Analytics Program
Operational support for running, monitoring and managing services for the Azure Data Platform.
AI Managed Services
Support for your AI technologies & ongoing strategic coaching to take your AI initiatives to the next level.
Dynamics Program
Ensure the health of your Dynamics environments, optimize usage and encourage user adoption.
Security Program
Take a proactive, continuous approach to optimizing your security environment and strategy.
App Dev Program
Ongoing enhancements, app security, DevOps and reporting for apps running in Azure.
Power Platform Program
Get an extension of your team that ensures the health of your Power Platform.
Microsoft Support Services
Flexible, routine support and environment management for critical Microsoft systems.
Digital Workplace Program
Optimize Microsoft 365 security, usage and user adoption with our digital workplace experts.
Industries
Manufacturing
Education
Public Sector
Financial Services
Healthcare
Energy
Retail
Software
Resources
Blogs
Case Studies
Library
Learning Channels
Events
News
About
Investors
Leadership
Microsoft
Our Approach
Our Partners
Our Story
Locations
Awards & Recognition
Special Meeting Vote
Careers
Support
Contact us
Special Meeting Vote
Solutions
Back
Solutions
Integration & Consulting
Application Development
Data & Analytics
Artificial Intelligence (AI)
Business Applications
Security
Digital Workplace
Infrastructure
Product Development
Technology
Azure OpenAI
Microsoft Copilot
Microsoft Fabric
Azure
Azure Synapse
Azure Virtual Desktop
System Center
SQL Server
Microsoft Sentinel
Microsoft 365
Sharepoint
Microsoft Teams
Microsoft Viva
Windows
Power Platform
Power BI
Power Apps
Dynamics 365
ERP Technologies
Business Needs
Sales & Marketing
Operations
Human Resources
Finance & Accounting
Customer Service
Localization Services
Language Engineering & NLP
Translations & Localization
Licensing
Cloud Solutions Provider (CSP)
Products
Back
Products
EmPerform
MazikCare
Care Path
Care Provider Link
Care Supply
Payer Matrix
Data Fusion
ShopFloor
Velocity Insights
PowerGov
Managed Services
Back
Managed Services
Azure Management Services
AI Managed Services
Security Program
Power Platform Program
Digital Workplace Program
Data & Analytics Program
Dynamics Program
App Dev Program
Microsoft Support Services
Industries
Back
Industries
Manufacturing
Healthcare
Education
Energy
Public Sector
Retail
Financial Services
Software
Resources
Back
Resources
Blogs
Events
Case Studies
News
Library
Learning Channels
Investors
Back
Investors
Financial Reports & Results
Investor News
Earning calls
Contact
Contact us
About
Back
About
Locations
Our Story
Investors
Microsoft
Leadership
Our Partners
Awards & Recognition
Our Approach
Careers
Support
Search
Back
Terms of use
Privacy policy
General Quisitive gradient background
Understanding the 2025 HIPAA Updates and How to Prepare 
March 5, 2025
Ed Higgins
Over the last few years, there's been a significant increase in cyberattacks on healthcare organizations. The 2025 HIPAA updates are designed to protect both patients and organizations from this concerning trend. Understand what's changing and how to stay compliant.
Blog Feature Image - 2025 HIPAA Updates

As we move forward into 2025, significant updates to the HIPAA security rule are on the horizon. These changes are designed to enhance the security protocols for healthcare providers, health plans, and their business associates. The focus is on preventing phishing and ransomware attacks, ensuring end-to-end encryption, and implementing multi-factor authentication (MFA). Here’s a detailed look at what these HIPAA updates entail and how leveraging the Microsoft stack can help meet these new requirements. 

During a recent webinar, I cited the significantly sharp increases in cybersecurity breaches in the last several years and the continuation of those trends where bad actors are “upping their game” to launch ransomware attacks and data theft.

Please see the illustrations below, as citations from US Health and Human Services (Breach Report), a database of all data breaches greater than 500 records, that provides clear and irrefutable proof of these increases:

2025 HIPAA Updates Image 1: The Rising Tide of Healthcare Data Breaches, Breach Report Data: Us HHS breach reports reveal a concerning trend. Cybersecurity needs drastic improvement. Data breaches are becoming more frequent. Patient data is increasingly at risk.

Key 2025 HIPAA Updates 

1. Expanded Responsibility:

The new rules extend the responsibility for security protocols to business associates, not just covered entities. This means any company providing services to or on behalf of a covered entity must comply with the new regulations. 

2. Stronger Cybersecurity Controls:

The updates emphasize stronger security controls, spanning from asset inventory and configuration management to ePHI encryption for data at rest and in motion to mandatory MFA to vulnerability and patch management. Below is the list of technological requirements that must be met: 

  1. Multifactor-Authentication Deployed and Enforced 
  2. Encryption of ePHI at rest, Network map of ePHI dataflows 
  3. Vulnerability and Risk Analysis for Assets related to ePHI 
  4. Endpoint and Server protection (anti-malware, removing extraneous software, disabling network ports) 
  5. Stronger security incident response plans, including backup & restore within 72 hours 
  6. Network Segmentation 

The new law brings with it also administrative controls (non-technical requirements) that must be met: 

  1. Artificial Intelligence and Emerging Technologies 
  2. All Standards are Required and Not Merely Addressable 
  3. Written Documentation  
  4. Compliance Time Periods 
  5. Updated and New Defined Terms 
  6. Risk Analysis 
  7. Contingency Planning 
  8. Business Associate Contracts 

For the administrative controls, I provided some examples and excerpts from the law to help demystify what is required as illustrated below: 

2025 HIPAA Updates Image 2: Excerpts from the law and how to apply them. For example: the law says "Written Documentation" and that means you should have written policies that are aligned to proven frameworks. As Built/Runbooks, and procedures need to be accurate.

3. Incident Response and Breach Reporting:

With these HIPAA updates, there are now tighter timeframes for reporting breaches, requiring continuous monitoring protocols and disaster recovery plans to be in place.

Leveraging the Microsoft Stack 

For the technological requirements I mentioned, Quisitive works as a partner to Microsoft to implement controls using several tools and features that are included within the Microsoft M365 and Azure Security Stack as illustrated below 

2025 HIPAA Updates Image 3: List of technologies that support the HIPAA 2025 mandates. Read below for details

To further provide examples, please see the following: 

  1. Identity and Access Management
    • Microsoft Entra ID: Enforce MFA using the Authenticator app or passkeys to secure user identities. 
    • Conditional Access: Implement risk-based conditional access policies to ensure only authorized users can access sensitive data. 
  1. Data Encryption and Protection
    • Microsoft Purview: Use Purview for data classification, labeling, and encryption to protect sensitive health information. 
    • Microsoft Priva: Manage privacy and compliance requirements, ensuring data protection and regulatory adherence. 
  1. Vulnerability and Risk Management
    • Microsoft Defender: Utilize Defender for endpoint protection, vulnerability management, and risk analysis. 
    • Microsoft Intune: Integrate with Defender to automate patch management and configuration changes. 
  1. Incident Detection and Response
    • Microsoft Sentinel: Deploy Sentinel for advanced threat detection, incident response, and security orchestration.
    • Security Copilot: Leverage AI-driven insights to enhance security operations and automate remediation processes. 

The New Law (pending) is all about Industry Best Practices 

Despite political processes and deliberation about the new updates to HIPAA law, the changes proposed in the HIPAA 2025 law are grounded in industry best practices. These practices are essential for ensuring the security and privacy of sensitive health information. Implementing these measures not only helps in compliance but also significantly enhances the overall security posture of healthcare organizations. 

Conclusion 

The forthcoming 2025 HIPAA changes underscore the need for robust security measures in the healthcare sector. By leveraging the comprehensive tools and solutions offered by the Microsoft stack, organizations can ensure compliance with the new regulations and protect sensitive health information effectively.

I hope this helps you understand and anticipate what will need to happen in order to comply with this new law when it becomes enforceable. Quisitive stands ready to help you. 

Till next time,  

Ed Higgins 

(CISSP, CISA, CISM, CGEIT, C/CISO, TXPI) 

Executive, Director Security and Compliance Solutions, Security Office Leader 

HIPAA Compliance Made Easy with Quisitive 

As a Microsoft Intelligent Security Association (MISA) member and Managed Security Service Provider (MSSP), Quisitive is uniquely positioned to help organizations navigate the complexities of cybersecurity.  

Quisitive’s Spyglass HIPAA 2025 Quick Start Program is designed to help you swiftly and confidently meet compliance mandates through proven cybersecurity best practices. With our HIPAA 2025 Quick Start, your organization will get: 

  • Comprehensive Security & Compliance Strategy  
  • Security Operations & Threat Detection  
  • Data Security & Ongoing Protection 
  • Incident Response & Recovery 
  • Security Program Optimization 

Book your free consultation

Related posts
|
Read more
Event Feature Image Contemplating an Agentic AI Future What IT Leaders Need to Know
Healthcare | 19 Feb
Register Now: Contemplating an Agentic AI Future for Healthcare IT Leaders
Read more
Healthcare | 18 Feb
On-Demand: 2025 HIPAA Security Rule
Read more
Event Feature Image_ MazikCare Copilot for Healthcare Leveraging AI to Transform Patient Care Webinar
Healthcare | 20 Nov
On-Demand: MazikCare Copilot for Healthcare: Leveraging AI to Transform Patient Care
Read more