The FBI issued a warning on June 27, 2025, that criminals impersonating healthcare insurers and fraud investigators are sending text messages and emails to healthcare providers and patients to trick them into providing...more
On June 18, 2025, the U.S. District Court for the Northern District of Texas issued an order in Purl v. United States Department of Health and Human Services, No. 2:24-CV-228-Z (N.D. Tex. 2025) (the June 18 Order) that...more
The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) recently proposed a sweeping rewrite of the HIPAA Security Rule that, if finalized, will require that many Covered Entities and their...more
The healthcare sector has seen an alarming uptick in cybersecurity incidents, including ransomware attacks, in recent years. In response to these cybersecurity threats, New York State is ramping-up efforts to protect patient...more
11/12/2024
/ Compliance ,
Cybersecurity ,
Data Breach ,
Data Security ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Healthcare Facilities ,
Hospitals ,
New York ,
PHI ,
Regulatory Requirements
The Federal Trade Commission’s (FTC) years-long effort to modernize its Health Breach Notification Rule (HBNR) in the midst of a swiftly changing technological landscape appears to be coming to an end. On Thursday, May 30,...more
7/2/2024
/ Cybersecurity ,
Data Breach ,
Data Protection ,
Electronic Protected Health Information (ePHI) ,
Federal Trade Commission (FTC) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
HIPAA Breach Notification Rule ,
Patient Privacy Rights ,
PHI ,
Popular ,
Reporting Requirements
The Federal Trade Commission’s (FTC) years-long effort to modernize its Health Breach Notification Rule (HBNR) in the midst of a swiftly changing technological landscape appears to be coming to an end. On Thursday, May 30,...more
Imagine you are a corporate Human Resources/Total Rewards leader who receives a request from a state’s law enforcement agency for health plan records about a plan participant’s abortions or other reproductive health care. How...more
6/4/2024
/ Abortion ,
Employee Benefits ,
Employee Privacy Rights ,
Employer Group Health Plans ,
Employer Liability Issues ,
Final Rules ,
Health Insurance ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HIPAA Privacy Rule ,
PHI ,
Popular ,
Reproductive Healthcare Issues
It is critical for employers and plan fiduciaries/administrators to stay informed of HIPAA privacy and security-related legal developments because most employer sponsored group health plans — regardless of the employer’s...more
5/23/2024
/ Department of Health and Human Services (HHS) ,
Dobbs v. Jackson Women’s Health Organization ,
Employee Benefits ,
Employer Group Health Plans ,
Final Rules ,
Health Care Providers ,
Health Insurance ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HIPAA Privacy Rule ,
OCR ,
PHI ,
Popular ,
Reproductive Healthcare Issues
With a couple of “firsts,” the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) is signaling that it is cracking down on healthcare organizations that fail to identify and address cybersecurity...more
12/21/2023
/ Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HIPAA Violations ,
OCR ,
Phishing Scams ,
Popular ,
Ransomware ,
Regulatory Oversight ,
Regulatory Requirements ,
Vulnerability Assessments
On July 20, 2023, the U.S. Department of Health and Human Services Office for Civil Rights (OCR) and the Federal Trade Commission (FTC)announced they were sending a joint letter to approximately 130 unidentified hospital...more
8/1/2023
/ Data Collection ,
Data Privacy ,
Federal Trade Commission (FTC) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Mobile Apps ,
OCR ,
Patient Privacy Rights ,
PHI ,
Telehealth ,
Tracking Systems
The Department of Health and Human Services Office for Civil Rights (OCR) issued a proposed rule on April 17, 2023, to amend provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) to strengthen...more
5/26/2023
/ Abortion ,
Comment Period ,
Department of Health and Human Services (HHS) ,
Dobbs v. Jackson Women’s Health Organization ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Healthcare Reform ,
OCR ,
Patient Privacy Rights ,
PHI ,
Pregnancy ,
Proposed Rules ,
Regulatory Agenda ,
Reproductive Healthcare Issues ,
Women's Rights
On April 11, 2023, the Department of Health and Human Services’ Office for Civil Rights (OCR) confirmed that four notifications of enforcement discretion regarding enforcement of the HIPAA Privacy, Security, and Breach...more
The Federal Trade Commission (FTC) continues to prioritize the protection of consumers’ digital health information. The agency has demonstrated this commitment through enforcement actions against GoodRx and BetterHelp for...more
4/5/2023
/ Breach Notification Rule ,
Data Collection ,
Digital Health ,
Electronic Protected Health Information (ePHI) ,
Federal Trade Commission (FTC) ,
FTC Act ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach Notification Rule ,
HIPAA Privacy Rule ,
HIPAA Security Rule ,
Life Sciences ,
New Guidance ,
Personal Information ,
Tracking Systems
The Office for Civil Rights (“OCR”) at the U.S. Department of Health and Human Services (“HHS”) announced on July 15, 2022, that it has resolved 11 investigations conducted under the Health Insurance Portability and...more
The U.S. Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) recently released new guidance (the “Guidance”) to help ensure that individuals may continue to benefit from audio-only telehealth...more
6/28/2022
/ Coronavirus/COVID-19 ,
Data Protection ,
Department of Health and Human Services (HHS) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Healthcare Reform ,
HIPAA Security Rule ,
Infectious Diseases ,
New Guidance ,
OCR ,
Patient Access ,
Relief Measures ,
Remote Proceedings ,
Telehealth ,
Telemedicine
Covered entities and business associates subject to the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) have the chance to provide input on two amendments to the Health Information Technology for...more
Vendors of health applications (“health apps”) and connected devices that collect or use individuals’ health information, along with their service providers, are now on notice that they must provide timely notice to consumers...more
While fighting a surge of new coronavirus infections in many parts of the country, healthcare providers must also be prepared to defend against ransomware. On October 28, 2020, the FBI, the U.S. Department of Health and Human...more
10/30/2020
/ Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
FBI ,
Hackers ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
Ransomware ,
Vulnerability Assessments
Once an employee has been exposed to a suspected or confirmed case of COVID-19, what do you do? Once an employee has tested positive, what do you say?...more
Hospitals will have a limited waiver of HIPAA sanctions and penalties during the COVID-19 outbreak as a result of a bulletin issued on March 16, 2020 by the U.S. Department of Health and Human Services....more
3/18/2020
/ Anti-Discrimination Policies ,
China ,
Coronavirus/COVID-19 ,
Crisis Management ,
Electronic Protected Health Information (ePHI) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare Facilities ,
HIPAA Privacy Rule ,
Infectious Diseases ,
OCR ,
Patient Privacy Rights ,
Personally Identifiable Information ,
PHI ,
Public Health ,
Relief Measures ,
Sanctions ,
Secretary of HHS
The latest HIPAA resolution agreement by the U.S. Department of Health and Human Services Office for Civil Rights (OCR) is a reminder that healthcare providers must take the high road when responding to unflattering online...more
10/8/2019
/ Calculation of Penalties ,
Corrective Actions ,
Data Breach ,
Disclosure Requirements ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
Information Technology ,
Notice of Privacy Practices ,
OCR ,
Online Reviews ,
Personally Identifiable Information ,
PHI ,
Policies and Procedures ,
Regulatory Violations ,
Settlement ,
Social Media
Based on the results of the Office for Civil Rights (OCR) Health Insurance Portability and Accountability Act of 1996 (HIPAA) Phase 2 desk audits for covered entities, small and mid-sized providers (Smaller Providers) are on...more
April proved to be a busy month for the U.S. Department of Health and Human Services Office for Civil Rights (OCR) under its newly appointed director, Roger Severino. OCR announced three settlements of potential HIPAA...more
5/2/2017
/ EHealth ,
Electronic Protected Health Information (ePHI) ,
FQHC ,
Hackers ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
OCR ,
PHI ,
Phishing Scams ,
Risk Management ,
Settlement ,
Telehealth
Children’s Medical Center of Dallas (Children’s) was hit with a $3.2 million civil penalty from the U.S. Department of Health and Human Services, Office for Civil Rights (OCR) for failing to take steps to properly protect...more
2/8/2017
/ Civil Monetary Penalty ,
Cyber Attacks ,
Data Breach ,
Department of Health and Human Services (HHS) ,
Electronic Medical Records ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HIPAA Breach ,
Hospitals ,
OCR ,
Penalties ,
Personally Identifiable Information ,
PHI ,
Security Standards
Covered Entities and Business Associates may be ringing in the New Year with the prospect of responding to on-site HIPAA audits by federal regulators. The U.S. Department of Health and Human Services Office for Civil Rights...more