Skip to the main content.

Modernize & Transform

Built to help you reimagine IT operations, empower your workforce, and leverage AI-powered tools to stay ahead of the curve.

Untitled design (3)

Empower My Team

We bring together the best of Microsoft’s cloud ecosystem and productivity tools to help your people thrive.

Untitled design (3)

Build My Infrastructure

We offer a comprehensive suite of infrastructure services tailored to support your business goals today and scale for the future

Untitled design (3)

IT Services

Our managed and co-managed IT service plans deliver a responsive and innovative engagement to support your IT needs, improve employee experience, and drive growth for your business. 

Untitled design (3)

Cybersecurity Services

Sourcepass offers innovative solutions, including SOC, GRC, Security Assessments, and more to protect your business.

Untitled design (3)

Professional Services

Grow your business with cloud migrations, infrastructure refreshes, M&A integrations, staff augmentation, technical assessments, and more.

Untitled design (3)

Resource Library

Stay ahead, stay connected, and discover the future of IT with Sourcepass.

Untitled design (3)

Events & Webinars

Dive into a dynamic calendar of webinars and in-person gatherings designed to illuminate the latest in managed IT services, cybersecurity, and automation.

Untitled design (3)

 

The Sourcepass Story

Sourcepass aims to be different. It is owned and operated by technology, security, and managed services experts who are passionate about delivering an IT experience that clients love.

Untitled design (3)

The Sourcepass Experience

At Sourcepass, we’re rewriting the IT and cybersecurity experience by helping businesses focus on what they do best, while we deliver the infrastructure, insights, and innovation to help them thrive.

Untitled design (3)

 

Get the eBook: Upcoming Updates to the HIPAA Security Rule

 
Get the eBook: Upcoming Updates to the HIPAA Security Rule

The U.S. Department of Health and Human Services (HHS) has issued a Notice of Proposed Rulemaking (NPRM) to update the HIPAA Security Rule. This modernization effort aims to better address today's cybersecurity threats and align with more mature frameworks like NIST CSF and NIST SP 800-53. While the rule is not yet finalized, it is expected to be by late 2025. This blog explores the upcoming changes and reasons to proactively address them.

 

Why is HIPAA Updating Security Rules Now?

 

Healthcare remains a prime target for cyberattacks, with IBM reporting a staggering 239% increase in cyberattacks on healthcare since 2018.

Patient records now average $50 per record on the dark web. HHS wants to ensure healthcare organizations, including Covered Entities and Business Associates, have stronger, clearer safeguards in place to protect sensitive information.

 

What Organizations are Impacted?

 

Any organization handling electronic Protected Health Information (ePHI) will be affected. This includes:

  • Healthcare providers (hospitals, clinics, private practices)
  • Health plans and insurers
  • Clearinghouses
  • Business associates (e.g., MSPs, cloud hosting providers, EHR vendors)


Significant Proposed Changes to HIPAA

 

 

Proposed HIPAA Security Rule Updates Include:

  • Annual Security Risk Assessments (SRAs)
  • System and asset inventories
  • Mandatory encryption of ePHI at rest and in transit
  • Multifactor Authentication (MFA) for privileged/admin access
  • Clear documentation and testing of audit logging, vulnerability management, and incident response plans
  • Formalized documentation and testing of contingency, disaster recovery (DR), and backup plans
  • Business Associate Agreements (BAAs) must include explicit terms for breach response, logging, encryption, and annual reviews
  • New focus on third-party tracking technology (e.g., cookies, session replay) as a source of unauthorized disclosure
  • Enhanced workforce training expectations

Reduced Breach Notification Timelines:

  • From 60 days to 30 days
  • Breaches affecting 500+ individuals must be reported within 72 hours


Is HIPAA Enforcing These Changes?

 

Not yet. The proposed rule is currently in the public comment phase, with final rulemaking expected later in 2025. However, early adoption is encouraged as many of the changes align with security best practices already recommended under NIST, ISO 27001, and CMMC.

 

Risks of Not Preparing Now

 

Organizations that delay preparation may face:

  • Higher costs of rushed compliance later
  • Missed opportunities for phased budgeting and implementation
  • Greater regulatory scrutiny if a breach occurs
  • Potential legal and reputational damage due to a lack of due diligence

 

GET THE FREE EBOOK

Navigating Upcoming Updates to the HIPAA Security Rule

 

Dive deeper into upcoming HIPAA security rule changes in our eBook! Navigate these updates with confidence with guidance from the IT experts at Sourcepass.

What's Inside:

  • The Role of an MSP in Ensuring Compliance
  • Benefits of Partnering with an Experienced MSP
  • Responsive Service & HIPAA Compliance​
  • Choosing the Right MSP
 

 

Screenshot 2025-05-23 at 9.42.10 AMDownload Now

 

 

Can You Wait Until the Final Rule is Published?

 

While you can wait, it is not advised. Many of the proposed changes are aligned with already accepted best practices (e.g., encryption, MFA, asset inventory). Waiting may:

  • Increase cost and complexity
  • Show lack of due diligence in the event of a breach or audit
  • Miss chances to improve security posture now

 


How Sourcepass Helps Healthcare Providers Prepare

 

Our Risk Advisory, Security Engineering, and Incident Response (IR) teams can assist with:

  • Security Risk Assessments (SRAs) 
  • Gap assessments and readiness checklists 
  • Roadmap development for HIPAA modernization 
  • Cybersecurity maturity benchmarking 
  • Incident response planning and tabletop exercises 
  • Support with vendor risk management processes 
  • Discovery session to understand existing environments

 

Stay Ahead of the Curve with Sourcepass Managed IT for Healthcare Organizations

 

By proactively addressing these changes, healthcare organizations can better safeguard patient information and ensure compliance with evolving regulations.

Contact Sourcepass to speak with a Sourcepass Specialist to learn more or download a copy of our eBook

 

Get in Touch with Sourcepass Experts