Keeping Current in 2026 With a Changing Regulatory Environment

Staying current with the ever-changing healthcare regulatory environment in 2026 will be increasingly challenging, particularly given the rapid pace of change under a new administration. It will require a combination of continuous learning, real-time monitoring, professional engagement, and strategic compliance planning. Regulations are shifting on multiple fronts, including cybersecurity and data privacy, accelerated adoption of artificial intelligence (AI), interoperability, changing payer rules, and increased federal and state oversight. These dynamics demand the development of strong internal systems to track policy activity and investment in a proactive strategy for compliance. The following are key strategies for Compliance Officers to consider:

1. Subscribe to official government and agency updates, including those at the Office of Inspector General (OIG), Centers for Medicare & Medicaid Services (CMS), Food and Drug Administration (FDA), and state health departments that publish rules, proposed changes, and compliance timelines. Automated feeds and email alerts help ensure critical updates are not missed.
2. Establish a compliance communication plan to timely alert employees and leadership regarding new or revised rules and standards, along with clear guidance on required action.
3. Consider investing in regulatory intelligence tools tailored to healthcare, such as third-party regulatory tracking platforms, compliance dashboards that centralize updates, and AI-enabled alert systems that surface relevant changes quickly, assist in managing workflows, and prioritize what is most relevant.
4. Attend conferences and webinars that provide updates and guidance into changing regulatory standards and enforcement trends; and subscribe to blogs and industry publications that provide updated compliance information.
5. Encourage staff to obtain professional certifications through organizations such as the Health Care Compliance Association (HCCA) and other recognized organizations.
6. Monitor HIPAA Privacy and Security rules and (a) update training annually, b) ensure annual penetration testing, (c) conduct enhanced risk assessments, and (d) provide stronger vendor oversight and access controls.
7. Expect complex multi-jurisdiction compliance, as states such as California and New York continue to introduce unique regulatory requirements that impact the implementation of services and tools.
8. Develop a cross-functional team that includes Compliance, Legal, IT/Security, Clinical and Operations staff to ensure regulatory changes are implemented promptly and effectively.

For more information on this topic, contact [email protected].

About the Author

Richard P. Kusserow established Strategic Management Services, LLC, after retiring from being the DHHS Inspector General, and has assisted over 3,000 health care organizations and entities in developing, implementing and assessing compliance programs.