On Wednesday, June 18, 2025, the Supreme Court of the United States issued a landmark 6-3 decision in United States v. Skrmetti, directly addressing the constitutionality of state laws banning gender-affirming care for...more
6/19/2025
/ Attorney General ,
Bostock v Clayton County Georgia ,
Department of Health and Human Services (HHS) ,
Department of Justice (DOJ) ,
Equal Protection ,
Executive Orders ,
Fourteenth Amendment ,
Gender Identity ,
Healthcare ,
Healthcare Reform ,
Legislative Agendas ,
New Legislation ,
SCOTUS ,
State Bans ,
Transgender ,
Trump Administration ,
United States v Skrmetti
The U.S. Department of Health and Human Services, Office of Civil Rights (OCR) recently updated its controversial, year-old guidance document on the use of online tracking technologies by healthcare providers and other...more
4/29/2024
/ American Hospital Association ,
Business Associates ,
Department of Health and Human Services (HHS) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Hospitals ,
OCR ,
PHI ,
Regulatory Requirements ,
Technology ,
Tracking Systems ,
Web Tracking
Principal Liz Heddleston was recently interviewed by HCPro for a story published on April 8, 2024, discussing the rising threat of ransomware attacks for healthcare providers. The story highlights lessons learned from a...more
A patient surfs a hospital system’s website and reads an article about depression and anxiety. The patient then searches the hospital’s website for mental health providers in the area. A few hours later, the patient logs into...more
4/4/2023
/ Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Department of Health and Human Services (HHS) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Marketing ,
New Guidance ,
OCR ,
Personal Information ,
PHI ,
Privacy Laws ,
Technology Sector ,
Web Tracking
A strong cybersecurity program can help defend against cyber attacks and protect sensitive patient data. Thanks to a 2021 amendment of the HITECH Act, when a breach occurs, it can also reduce enforcement penalties. The...more
11/10/2022
/ Cyber Attacks ,
Cybersecurity ,
Cybersecurity Act of 2015 ,
Data Breach ,
Data Security ,
Department of Health and Human Services (HHS) ,
Enforcement ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HITECH Act ,
NIST ,
OCR ,
Penalties ,
Policies and Procedures
Elizabeth Barry Heddleston Associate Now is a great time for healthcare providers to assess their compliance with HIPAA’s right of access requirements. Not only is this a hot area of enforcement, patients’ rights to access...more
2/22/2021
/ Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Enforcement Actions ,
Health Care Providers ,
Health Information Technologies ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Privacy Rule ,
Medical Records ,
OCR ,
Records Request ,
Right of Access ,
Risk Management