Effective July 1, hospitals and other healthcare institutions licensed in Virginia are required to establish a workplace violence reporting system to track, analyze and respond to incidents of workplace violence. Under the...more
In a sweeping decision published in June, a federal court in Texas struck down most of the HIPAA Rule to Support Reproductive Health Care Privacy (Reproductive Health Rule) enacted in 2024 under the Biden administration to...more
7/16/2025
/ Biden Administration ,
Compliance ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Healthcare Reform ,
HIPAA Privacy Rule ,
Injunctions ,
Legislative Agendas ,
New Legislation ,
Regulatory Requirements ,
Reproductive Healthcare Issues ,
SCOTUS ,
Texas ,
Trump v CASA
On Wednesday, June 18, 2025, the Supreme Court of the United States issued a landmark 6-3 decision in United States v. Skrmetti, directly addressing the constitutionality of state laws banning gender-affirming care for...more
6/19/2025
/ Attorney General ,
Bostock v Clayton County Georgia ,
Department of Health and Human Services (HHS) ,
Department of Justice (DOJ) ,
Equal Protection ,
Executive Orders ,
Fourteenth Amendment ,
Gender Identity ,
Healthcare ,
Healthcare Reform ,
Legislative Agendas ,
New Legislation ,
SCOTUS ,
State Bans ,
Transgender ,
Trump Administration ,
United States v Skrmetti
The U.S. Department of Health and Human Services, Office of Civil Rights (OCR) recently updated its controversial, year-old guidance document on the use of online tracking technologies by healthcare providers and other...more
4/29/2024
/ American Hospital Association ,
Business Associates ,
Department of Health and Human Services (HHS) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Hospitals ,
OCR ,
PHI ,
Regulatory Requirements ,
Technology ,
Tracking Systems ,
Web Tracking
Principal Liz Heddleston was recently interviewed by HCPro for a story published on April 8, 2024, discussing the rising threat of ransomware attacks for healthcare providers. The story highlights lessons learned from a...more
A healthcare organization’s online presence is an important component of its reputation. Occasionally, dissatisfied patients will post negative reviews about healthcare services on social media and customer review platforms...more
8/3/2023
/ Cybersecurity ,
Data Privacy ,
Data Protection ,
Electronic Protected Health Information (ePHI) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Internet ,
OCR ,
Online Commentary ,
Online Platforms ,
Online Reputation ,
Online Reviews ,
Websites
Washington state’s My Health, My Data Act (the Act), signed into law in April 2023, is a broad health data privacy law designed to protect consumer health data that falls outside the scope of HIPAA, such as health-related...more
5/31/2023
/ Consent ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Protection Acts ,
Data-Sharing ,
Disclosure ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Personally Identifiable Information ,
Privacy Laws ,
Proposed Legislation ,
Proposed Regulation ,
State and Local Government ,
Washington
Healthcare providers and other regulated entities should take note of proposed changes to the Information Blocking Rule. If enacted, the revised regulations would mark the first substantive update to the rule since it went...more
A patient surfs a hospital system’s website and reads an article about depression and anxiety. The patient then searches the hospital’s website for mental health providers in the area. A few hours later, the patient logs into...more
4/4/2023
/ Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Department of Health and Human Services (HHS) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Marketing ,
New Guidance ,
OCR ,
Personal Information ,
PHI ,
Privacy Laws ,
Technology Sector ,
Web Tracking
A strong cybersecurity program can help defend against cyber attacks and protect sensitive patient data. Thanks to a 2021 amendment of the HITECH Act, when a breach occurs, it can also reduce enforcement penalties. The...more
11/10/2022
/ Cyber Attacks ,
Cybersecurity ,
Cybersecurity Act of 2015 ,
Data Breach ,
Data Security ,
Department of Health and Human Services (HHS) ,
Enforcement ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HITECH Act ,
NIST ,
OCR ,
Penalties ,
Policies and Procedures
Elizabeth Barry Heddleston Associate Now is a great time for healthcare providers to assess their compliance with HIPAA’s right of access requirements. Not only is this a hot area of enforcement, patients’ rights to access...more
2/22/2021
/ Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Enforcement Actions ,
Health Care Providers ,
Health Information Technologies ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Privacy Rule ,
Medical Records ,
OCR ,
Records Request ,
Right of Access ,
Risk Management