For AI companies in the health care space, data is everything. It fuels model performance, drives product differentiation, and can make or break scalability. Yet too often, data rights are vaguely defined or completely...more
6/26/2025
/ Artificial Intelligence ,
Contract Terms ,
Data Privacy ,
Data Protection ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Liability ,
Patient Privacy Rights ,
PHI ,
Regulatory Requirements ,
Risk Management
Share on Twitter Share by Email Share Back to top HIPAA Security Risk Analyses (SRAs) should be the foundation of every digital health company’s cybersecurity compliance. Far more than a checkbox exercise, a comprehensive SRA...more
6/19/2025
/ Acquisitions ,
Artificial Intelligence ,
Cybersecurity ,
Data Security ,
Digital Health ,
Due Diligence ,
Electronic Protected Health Information (ePHI) ,
Enforcement Actions ,
HIPAA Security Rule ,
Mergers ,
OCR ,
PHI ,
Risk Management ,
Vendors
AI scribes are quickly becoming the digital sidekick of modern health care. They promise to reduce clinician burnout, streamline documentation, and improve the patient experience. But as health care providers and digital...more
6/10/2025
/ Artificial Intelligence ,
Compliance ,
Data Privacy ,
Data Security ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Machine Learning ,
PHI ,
Popular ,
Risk Management
Artificial intelligence (AI) is rapidly reshaping the digital health sector, driving advances in patient engagement, diagnostics, and operational efficiency. However, for Privacy Officers, AI’s integration into digital health...more
5/9/2025
/ Artificial Intelligence ,
Bias ,
Compliance ,
Data Privacy ,
Data Security ,
Digital Health ,
Health Insurance Portability and Accountability Act (HIPAA) ,
PHI ,
Privacy Laws ,
Regulatory Requirements ,
Risk Management
Material updates to the HIPAA Security Rule could be on the way — affecting all HIPAA-regulated entities — for the first time in two decades. The Department of Health and Human Services (HHS) issued a Notice of Proposed...more
1/7/2025
/ Cyber Threats ,
Cybersecurity ,
Data Privacy ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Hackers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HIPAA Security Rule ,
Multi-Factor Authentication ,
NIST ,
Notice of Proposed Rulemaking (NOPR) ,
Policies and Procedures ,
Proposed Rules ,
Ransomware ,
Risk Management
Data breach class actions are again on the rise, with a recent report by Lex Machina confirming what many cybersecurity practitioners have seen first-hand over the last two years. The findings also reaffirm longstanding best...more
7/23/2024
/ Class Action ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Investment ,
Multidistrict Litigation ,
Popular ,
Risk Assessment ,
Risk Management ,
SCOTUS ,
Supply Chain ,
TransUnion LLC v Ramirez
Preparation for operations after the end of the Public Health Emergency (PHE) have commenced. HHS released guidance on using remote communication technologies for audio-only telehealth services in compliance with HIPAA. In...more
The Office of Civil Rights (OCR) at the U.S. Department of Health and Human Services recently published its findings from audits conducted in 2016 and 2017 of covered entities’ and business associates’ compliance with...more
1/15/2021
/ Audits ,
Covered Entities ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach Notification Rule ,
HIPAA Privacy Rule ,
Notice of Privacy Practices ,
Notice of Proposed Rulemaking (NOPR) ,
OCR ,
Right of Access ,
Risk Management ,
Security Risk Assessments