Here’s the deal: making predictions about 2026 is about as useful as a chocolate teapot. So instead of peering into a cloudy crystal ball, we’re laying down some solid groundwork for planning ahead. We’re talking AI governance, backup strategies that actually work (yes, tested ones), and why you should absolutely know if your vendor quietly stopped signing BAAs. Buckle up—it’s a 2026 survival guide with fewer guesses and more “you got this.”
In this episode:
2026 Planning Since Predicting Is Pointless – Ep 541
Today’s Episode is brought to you by: Kardon and HIPAA for MSPs with Security First IT
2026 Planning Since Predicting Is Pointless
Planning for 2026 (Because Predicting 2026 Is a Lost Cause)
Predictions are pointless but preparation isn’t.
[03:25] Part 1: AI Program Management
- Why AI planning must be intentional in 2026
- Vetting AI vendors
  - What data they collect
  - How they secure it
  - Whether they offer HIPAA-eligible configurations
- Building AI use policies
  - Acceptable use, PHI boundaries, output verification
  - Procedures for hallucination checks
- AI training for staff
- Preparing for AI inside incident response workflows
- Shadow AI enters the chat
  - Why staff use unapproved tools
  - Risks to privacy/security
  - How to detect and redirect it with safer alternatives
Part 2: Cybersecurity Must-Dos for 2026
- MFA modernization
- Backup resilience: immutable backups and tested restoration
- Zero-trust lite: simple segmentation and least privilege
- Refreshing incident response plans
- Vendor risk management tune-up
- Passwordless beginnings: reducing phishable credentials
Part 3: Privacy and HIPAA Planning
- 2024–25 OCR enforcement themes to expect echoes of
  - Access rights issues
  - Basic safeguard failures
  - Business associate oversight
- Update BAAs with AI considerations
- Website and tracking technology compliance check
- Data minimization review: delete the PHI you don’t need
- Patient communication/marketing tools: review privacy settings and vendor changes
Part 4: The Human Factor (Where Good Plans Live or Die)
- Culture over compliance: getting staff to care without scaring them
- Reducing phishing fatigue
- Leadership setting 2–3 security goals for the year
- Onboarding/offboarding consistency
- The loop back to shadow AI
  - Humans adopt tools that make work easier
  - Organizations must provide safe, approved alternatives
  - Education + options beats punishment every time
The “Start Your 2026 Strong” Mini-Checklist
- Approve or update your AI policy in Q1
- Verify backups and schedule a recovery test early in the year
- Review BAAs and vendor privacy/security settings, especially around AI
- Refresh incident response contacts and run a tabletop by mid-year
- Recheck your website for tracking technology issues
- Have one intentional staff conversation about expectations, support, and avoiding shadow AI
If your brain isn’t a little fried by now, we may not have done our job. But in a good way, right? Now you’ve got your marching orders to tackle 2026 like a cybersecurity superhero—with an AI sidekick, a zero trust cape, and a pocketful of HIPAA-friendly policies. Just don’t forget: flushing toilets and working tech are equally underappreciated… until they’re not.
Remember to follow us and share us on your favorite social media site. Rate us on your podcasting apps, we need your help to keep spreading the word. As always, send in your questions and ideas!
HIPAA is not about compliance, it’s about patient care.™
Special thanks to our sponsors Security First IT and Kardon.