What Changed? The "Addressable" Loophole Is Gone.
Since HIPAA's Security Rule was finalized in 2003, encryption has been classified as an "addressable" implementation specification under §164.312(a)(2)(iv) and §164.312(e)(2)(ii). "Addressable" never meant optional — but it functioned that way in practice. Covered entities could perform a risk assessment, conclude that encryption was "not reasonable and appropriate," document an equivalent alternative measure, and move on. Many did exactly that. Some documented nothing at all.
The 2026 Security Rule update — part of HHS's broader modernization of HIPAA for cloud, AI, and telehealth — reclassifies encryption from "addressable" to "required." There is no risk-assessment bypass. There is no equivalent alternative. If you store, transmit, or process ePHI, you encrypt it. Period.
Before (2003–2025): Encryption was "addressable." Covered entities could document why they chose not to encrypt and implement an alternative safeguard.
After (2026): Encryption is "required." ePHI must be encrypted at rest using AES-256 (or equivalent NIST-approved cipher) and in transit using TLS 1.2 or higher. No exceptions. No alternative measures. Non-compliance triggers enforcement action.
This matters because the breach reports filed with HHS over the past five years keep citing the same root cause: unencrypted ePHI on lost or stolen laptops and USB drives, in misconfigured cloud storage, and in unencrypted email. HHS saw the pattern repeating and closed the door. Encryption also has a second payoff worth knowing: under the Breach Notification Rule, ePHI that was encrypted per HHS guidance and whose key was not compromised is not "unsecured PHI", so losing the device does not trigger a notifiable breach.
The New Requirements
The updated rule specifies concrete encryption standards for the first time. Here is what covered entities and business associates must implement:
| Requirement | Standard | Applies To | Deadline |
|---|---|---|---|
| Encryption at rest | AES-256 (NIST-approved) | All ePHI in databases, file systems, backups, removable media | 2026 |
| Encryption in transit | TLS 1.2+ (TLS 1.3 recommended) | All ePHI transmitted over networks, APIs, email | 2026 |
| Field-level encryption | Application-layer encryption of PHI fields | Names, SSNs, MRNs, diagnoses, prescription data | 2026 |
| Key management | NIST SP 800-57 compliant key lifecycle | All encryption keys protecting ePHI | 2026 |
| Audit logging | Tamper-evident logs of encryption/decryption events | All access to encrypted ePHI | 2026 |
| Annual assessment | Documented review of encryption posture | All covered entities and BAs | Annually |
Field-level encryption deserves special attention. Database-level or disk-level encryption (TDE, LUKS, SSE-KMS) protects against a stolen disk or a leaked snapshot, but the database engine decrypts transparently for every authenticated query, so it does nothing against SQL injection, a DBA or other privileged insider, or an attacker who has obtained the application's database credentials. The new rule pushes organizations toward encrypting individual PHI fields at the application layer, before the row is written, so that a full database dump yields ciphertext. Three practical points follow from that design. The application tier now holds, or can fetch, the data keys, so a compromised application server can still read plaintext; key access on that tier must be tightly scoped and logged. Fields you need to search or join on (MRN, for example) need a blind index (an HMAC of the value under a separate key), deterministic encryption, or a tokenization service, because randomized AES-GCM ciphertexts cannot be looked up by value. And each ciphertext should be bound to its record and field (as AES-GCM associated data) so that an attacker with write access to the database cannot transplant one patient's encrypted diagnosis into another patient's row.
For a deeper look at how post-quantum cryptography fits into HIPAA compliance, see our guide: H33-Health: Post-Quantum HIPAA Compliance.
Why AES-256 Isn't Enough
AES-256 is an excellent symmetric cipher. Grover's algorithm on a quantum computer reduces its effective strength to roughly 128 bits, which is still considered secure. The cipher itself is not the problem. The problem is the key exchange.
Every TLS connection, every encrypted API call, and every asymmetric key-wrap operation (RSA-OAEP wrapping a data key, for example) relies on public-key cryptography to establish or protect the AES key. Today that is almost always RSA-2048 or elliptic-curve Diffie-Hellman (X25519, P-256, P-384). Both are broken outright by Shor's algorithm running on a cryptographically relevant quantum computer (CRQC). Ephemeral ECDH gives forward secrecy only against a classical adversary: a recorded TLS 1.3 handshake still contains everything a CRQC needs to recover the session key.
Adversaries can record encrypted healthcare traffic today and decrypt it once the hardware exists. When quantum computers reach sufficient scale (NSA estimates mid-2030s, others sooner), every recorded session becomes readable. HIPAA documentation must be retained for six years, and state medical-record retention rules commonly run from a decade to thirty years, so data protected by RSA or ECDH key exchange in 2026 could be readable well within its required retention period.
This isn't speculative. NSA's CNSA 2.0 guidance already mandates post-quantum algorithms for national security systems on a 2030 to 2035 timeline; NIST published ML-KEM as FIPS 203 and ML-DSA as FIPS 204 in August 2024; and NIST IR 8547 (draft, November 2024) proposes deprecating RSA and ECC at the 112-bit security level in 2030 and disallowing them after 2035. Healthcare data, with its long retention periods and high sensitivity, faces the same threat model. AES-256 is necessary but not sufficient. You need quantum-safe key establishment (ML-KEM, the standardized form of Kyber) protecting those AES keys, and the conservative deployment today is a hybrid: feed both the ML-KEM shared secret and an ECDH shared secret into the key derivation function, so the session stays secure if either primitive holds.
For a comprehensive look at harvest-now-decrypt-later attacks: Harvest Now, Decrypt Later Protection.
The Quantum-Safe HIPAA Stack
Meeting the 2026 requirements is table stakes. Forward-looking healthcare organizations should build a stack that remains compliant through the quantum transition. Here's the architecture:
| Layer | Component | Purpose | HIPAA Requirement |
|---|---|---|---|
| 1. Key Exchange | Kyber-1024 (ML-KEM-1024) | Quantum-safe session key establishment | Encryption in transit |
| 2. Data Encryption | AES-256-GCM | Symmetric encryption of ePHI at rest and in transit | Encryption at rest + in transit |
| 3. Audit Signatures | Dilithium-5 (ML-DSA-87) | Tamper-evident, quantum-safe audit trail | Audit logging |
| 4. Computation | BFV Fully Homomorphic Encryption | Process ePHI without decryption | Beyond compliance — eliminates exposure |
Layer 1 is critical. ML-KEM replaces RSA/ECDH in key establishment, so a quantum adversary recording today's traffic cannot recover the AES-256 session keys. Deploy it in hybrid mode alongside X25519 or P-256, which is what the TLS 1.3 ecosystem is shipping, rather than as a lone drop-in replacement. Layer 3 keeps audit logs verifiable decades from now; HIPAA requires covered entities to retain Security Rule documentation for six years, and state medical-record retention rules often run ten years or more. A signature alone is not tamper evidence, though: entries also need to be hash-chained so that deletion or reordering is detectable, and the signing key needs the same custody controls as the data keys. Layer 4 is the differentiator: with FHE you protect data not just at rest and in transit but during computation.
For details on quantum-safe healthcare encryption: Quantum-Resistant Encryption for Healthcare.
FHE — Compute Without Decrypting
Fully Homomorphic Encryption lets you compute directly on ciphertext, so the party doing the processing never holds plaintext. Secure multi-party computation and hardware enclaves attack the same problem with different trust assumptions; FHE is the approach that needs no trust in the compute host at all. For healthcare, this is transformative:
- Patient matching — Compare encrypted demographic records across hospital systems without exposing PII. No clearinghouse sees plaintext.
- Clinical analytics — Run aggregate queries (average A1C by cohort, readmission rates, population health metrics) on encrypted datasets.
- Biometric authentication — Verify clinician identity against encrypted biometric templates. The template never decrypts on the server.
- Insurance claims processing — Evaluate claims against policy rules without the processor ever seeing the patient's diagnosis or treatment details.
- Research collaboration — Multi-site clinical trials contribute encrypted data for joint analysis, and the analysis site never sees plaintext. That simplifies data-sharing agreements, but whether a given arrangement still needs IRB review or a data use agreement is a question for the IRB and counsel: encryption reduces disclosure risk, it does not change who is doing research on whom.
H33's BFV implementation processes 32 encrypted biometric authentications in a single ciphertext batch at 38.5 microseconds per authentication. That's not a lab number — it's the production benchmark on Graviton4 at 96 workers.
HIPAA requires you to encrypt data at rest and in transit. FHE extends that protection to data in use. There is no decryption event in the compute environment, so there is no exposure window there. If that environment is compromised, the attacker gets ciphertext, which is useless without the secret key, provided the key never enters that environment. Two caveats a practitioner should design for: FHE ciphertexts are malleable by construction, so a compromised compute host can alter the computation and the key holder cannot tell from the ciphertext alone (results need their own integrity check or a verifiable-computation layer); and the key holder must never act as a decryption oracle for attacker-chosen ciphertexts, because the common FHE schemes are not CCA-secure.
Explore real-world healthcare FHE applications: FHE Healthcare Applications.
What About AI?
Every health system wants to deploy AI — clinical decision support, predictive analytics, NLP on clinical notes, radiology co-pilots. The problem: feeding patient data into an LLM means decrypting it, sending it to a model server (often third-party), and hoping the infrastructure is HIPAA-compliant. OpenAI offers a BAA for ChatGPT Enterprise, but the data is still decrypted during inference. That's the exposure window.
FHE eliminates it. With H33's encrypted inference pipeline:
- The health system encrypts the clinical note client-side with their FHE public key.
- The encrypted ciphertext is sent to the AI inference server.
- The model runs inference on the ciphertext — pattern matching, classification, entity extraction — all on encrypted data.
- The encrypted result is returned to the health system.
- Only the health system can decrypt the result with their private key.
The AI provider never sees plaintext. Be careful with the legal conclusion, though: HHS's cloud computing guidance states that a vendor which stores or processes encrypted ePHI without holding the key is still a business associate, so a BAA is still required. What FHE changes is the consequence of a breach at the provider (ciphertext only, which the Breach Notification Rule treats as secured), not the provider's contractual status.
For a deep dive on AI and HIPAA: Is ChatGPT HIPAA Compliant?
Implementation Checklist
Here's the practical path from "we know we need to encrypt" to "we're quantum-safe and HIPAA-compliant":
- Audit your ePHI inventory. Map every system, database, API, file share, and backup that stores or transmits ePHI. You can't encrypt what you haven't found.
- Enable AES-256 at rest everywhere. Database TDE, volume encryption (LUKS, BitLocker), S3 SSE-KMS. Then enforce it rather than just enabling it: a bucket policy that denies PutObject without server-side encryption, and a periodic scan for unencrypted volumes and snapshots. This satisfies the baseline 2026 requirement.
- Enforce TLS 1.2+ in transit. Disable TLS 1.0/1.1, drop cipher suites without forward secrecy, configure HSTS, and confirm the result with a scanner instead of trusting the config file. Audit all internal service-to-service traffic, not just external endpoints.
- Add field-level encryption for PHI columns. Encrypt names, SSNs, MRNs, diagnoses, and prescription data at the application layer before database writes, bind each ciphertext to its record and field as associated data, and plan blind indexes for the fields you need to search on.
- Implement NIST SP 800-57 key management. Key rotation schedules, HSM storage for master keys, separate keys per environment and per data class, and documented procedures for generation, rotation, revocation and destruction.
- Deploy quantum-safe key establishment. Encapsulate your AES-256 key-wrapping keys with ML-KEM (Kyber), in hybrid with ECDH, so that neither recorded traffic nor stored wrapped keys are exposed to harvest-now-decrypt-later.
- Add quantum-safe audit signatures. Hash-chain audit entries and sign them with ML-DSA (Dilithium) so that tamper evidence survives the quantum transition, and archive the verification keys with the logs.
- Evaluate FHE for sensitive compute. Patient matching, analytics on encrypted data, AI inference — identify use cases where decryption during processing creates unacceptable risk.
Here's how to encrypt a FHIR Patient resource with H33's API in a single call:

```shell
curl -X POST https://api.h33.ai/v1/encrypt \
  -H "Authorization: Bearer h33_pk_YOUR_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "scheme": "AES-256-GCM",
    "key_exchange": "kyber-1024",
    "audit_signature": "dilithium-5",
    "data": {
      "resourceType": "Patient",
      "id": "pat-38291",
      "name": [{"family": "Garcia", "given": ["Maria"]}],
      "birthDate": "1987-04-12",
      "identifier": [
        {"system": "http://hl7.org/fhir/sid/us-ssn", "value": "123-45-6789"},
        {"system": "urn:oid:2.16.840.1.113883.19.5", "value": "MRN-00482910"}
      ],
      "condition": [
        {"code": {"text": "Type 2 Diabetes Mellitus"}, "onsetDateTime": "2019-08-15"}
      ]
    },
    "field_level": ["name", "birthDate", "identifier", "condition"]
  }'
```

Two notes on the payload. The SSN and MRN are fictional sample values; never paste real identifiers into documentation or test fixtures. And `condition` is not an element of the FHIR R4 Patient resource: conditions are separate Condition resources that reference the patient, so when you feed real FHIR data to the endpoint, encrypt those as their own records rather than nesting them here.

The response includes the encrypted payload, a Kyber-1024 (ML-KEM-1024) encapsulated key, and a Dilithium-5 (ML-DSA-87) signature over the ciphertext for your audit trail. One API call, with quantum-safe key exchange included. Read the `hipaa_compliant` flag as the API's statement about this call, not as a finding about your program: compliance is a property of the whole system (risk analysis, key custody, workforce access controls, BAAs), not of a response field.

```json
{
  "id": "enc_8f3a1b2c4d5e",
  "scheme": "AES-256-GCM",
  "key_exchange": "kyber-1024",
  "encrypted_fields": ["name", "birthDate", "identifier", "condition"],
  "encapsulated_key": "base64::ML-KEM-1024...",
  "ciphertext": "base64::AES-256-GCM...",
  "audit": {
    "signature_algorithm": "ML-DSA-87",
    "signature": "base64::Dilithium-5...",
    "timestamp": "2026-03-23T14:30:00Z",
    "event": "encrypt",
    "resource_id": "pat-38291"
  },
  "hipaa_compliant": true,
  "quantum_safe": true
}
```
Pricing for Healthcare
H33's MedVault tier is purpose-built for healthcare organizations that need HIPAA-compliant encryption with post-quantum protection and FHE compute.
| Feature | Free Tier | MedVault | Enterprise |
|---|---|---|---|
| Encrypt/Decrypt API calls | 1,000/month | Unlimited | Unlimited |
| AES-256-GCM | Yes | Yes | Yes |
| Kyber-1024 key exchange | Yes | Yes | Yes |
| Dilithium audit signatures | — | Yes | Yes |
| FHE compute | — | Yes (BFV + CKKS) | Yes + custom schemes |
| Field-level encryption | Yes | Yes | Yes |
| BAA included | — | Yes | Yes |
| Epic EHR integration | — | Pre-built connector | Custom integration |
| FHIR R4 support | Yes | Yes | Yes |
| SOC 2 Type II | — | Report available | Report available |
| Dedicated support | Community | Email + Slack | 24/7 + named CSM |
The free tier includes quantum-safe key exchange on every call. There's no reason for any healthcare organization — from a solo practitioner to a 50-hospital IDN — to deploy classical-only encryption in 2026. Start with the free tier, validate the integration, and upgrade when you need FHE compute or the BAA.
H33-Health provides the full healthcare platform including encrypted patient matching, HIPAA-compliant AI inference, and Epic/Cerner/FHIR integrations.