2024 Notice of proposed rulemaking (NPRM) to overhaul the HIPAA Security Rule would require written security policies to be reviewed and updated at least annually, with specific documentation requirements for technology asset inventories, risk assessments, incident response plans, and business associate security certifications.

The ISO/IEC 27001 standard requires organizations to establish an information