Non-Compete Agreements: A Continued Shift
Non-compete agreements have been at the center of legal and regulatory conversations for several years. While a nationwide ban did not ultimately move forward, that does not mean these agreements are staying the same.
Instead, regulators have shifted to a more targeted approach—focusing on specific industries, with healthcare at the forefront.
At the center of this discussion is a key issue: patient choice.
Patients have the right to choose their providers and follow them between practices. When non-compete agreements restrict where a provider can practice, it can directly interfere with that right.
From a regulatory perspective, the concern is twofold:
- A provider’s ability to continue working within their field
- A patient’s ability to access care and maintain continuity
This shift is already influencing change at the state level. Several states have enacted laws limiting non-competes in healthcare, and additional legislation is being considered in states like New York and New Jersey.
For employers, this is a moment to reassess existing agreements. Provisions that were acceptable even a short time ago may no longer align with current trends or legal direction.
Employers should be evaluating whether agreements are:
- Reasonable in scope and duration
- Tied to legitimate business interests
- Still enforceable under current law
For business owners and employees, understanding the details of a non-compete—where it applies, how long it lasts, and whether it is enforceable—remains critical when making career decisions.
2026 HIPAA Updates: A Shift Toward Required Cybersecurity
At the same time, healthcare providers are preparing for another major shift—updated HIPAA requirements that place a much stronger emphasis on cybersecurity.
As technology continues to evolve, so do the risks. Increased reliance on digital systems, combined with the rise of AI and more sophisticated cyber threats, has led regulators to strengthen expectations around data protection.
One of the most significant changes is a shift in how HIPAA requirements are framed. What was previously considered “recommended” or “addressable” is now becoming mandatory. This represents a fundamental shift from general guidance to enforceable compliance.
Healthcare providers will be required to take a more structured approach, including conducting formal compliance audits every 12 months to ensure that security measures remain effective and risks are actively managed.
There is also an expansion in responsibilities for business associates. Third-party vendors and their subcontractors will be expected to provide written confirmation of their safeguards and notify covered entities—often within 24 hours—if a security incident occurs or access to protected information changes.
From a technical standpoint, expectations are also increasing. Providers should expect stricter requirements around:
- Multi-factor authentication
- Data encryption
- Protection of electronic patient information
For many organizations, these systems may already be in place, but they will no longer be optional under the new rules.
These changes are expected to take effect in mid-2026, with compliance deadlines toward the end of the year or early 2027. Preparing for them may require technology upgrades, additional training, and closer coordination with IT and legal professionals.
The importance of these updates cannot be overstated. In 2025 alone, more than $6.6 million in HIPAA fines were issued, many tied to inadequate safeguards and cybersecurity failures.
What This Means for Your Business
Both of these developments—changes to non-compete agreements and expanded HIPAA requirements—highlight the same underlying reality:
Compliance is no longer static.
Agreements, policies, and systems that worked in the past may not be sufficient moving forward.
This is the time to take a proactive approach by:
- Re-evaluating employment agreements
- Strengthening cybersecurity measures
- Updating business associate agreements
- Confirming appropriate insurance coverage
Taking these steps now can help prevent larger disruptions later.
Final Thoughts
Whether you are navigating employment agreements or protecting patient data, the expectation is clear—businesses must evolve alongside the legal and technological landscape.
Taking the time now to review, update, and strengthen your practices can help protect your business, your employees, and your patients.