On June 18, 2025, the U.S. District Court for the Northern District of Texas issued an opinion that vacates the 2024 final rule that enhanced privacy protections for protected health information (PHI) related to reproductive...more
6/23/2025
/ Attestation Requirements ,
Business Associates ,
Covered Entities ,
Data Privacy ,
Department of Health and Human Services (HHS) ,
Final Rules ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Judicial Authority ,
Privacy Laws ,
Reproductive Healthcare Issues ,
Vacated
On January 6, the Department of Health and Human Services Office for Civil Rights (OCR) published a notice of proposed rulemaking (Proposed Rule) that would strengthen the requirements of the security rule promulgated...more
Current and potential patients are taking to the internet to share opinions and make decisions about healthcare providers. Good reviews can convert prospective healthcare consumers into patients, while bad reviews,...more
10/10/2024
/ Enforcement Actions ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
OCR ,
Online Reviews ,
Patient Privacy Rights ,
Patients ,
PHI ,
Statutory Violations ,
Testimonial Statements
On March 18, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) released updated guidance to “increase clarity” for entities regulated by the Health Insurance Portability and Accountability...more
On February 8, 2024, the U.S. Department of Health & Human Services, through the Substance Abuse and Mental Health Services Administration and the Office for Civil Rights (collectively, HHS), issued a Final Rule that amends...more
3/1/2024
/ Confidential Information ,
Consent ,
Effective Date ,
Final Rules ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach Notification Rule ,
Notice Requirements ,
OCR ,
Patient Privacy Rights ,
Substance Abuse
Washington’s My Health My Data Act (MHMDA) was enacted in an effort to close a perceived gap in privacy protection for consumer health data. MHMDA’s focus on consumer health data and right of private action deviate from...more
2/5/2024
/ Consent Agreements ,
Data Collection ,
Data Selling ,
Data-Sharing ,
Enforcement ,
Families First Coronavirus Response Act (FFCRA) ,
FERPA ,
Gramm-Leach-Blilely Act ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Mental Health ,
PHI ,
Privacy Laws ,
Small Business ,
Summary of Consumer Rights
In response to the number of successful, large-scale ransomware attacks affecting healthcare organizations nearly tripling since 2018, the Department of Health and Human Services (HHS) has released guidance outlining its...more
1/30/2024
/ Cybersecurity ,
Data Protection ,
Data Security ,
Department of Health and Human Services (HHS) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Healthcare Reform ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
New Guidance ,
Popular ,
Regulatory Agenda
On April 13, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) released a Notice of Proposed Rulemaking (NPRM) to amend the HIPAA Privacy Rule, 45 C.F.R. Part 160 and Part 164, Subparts A...more
4/18/2023
/ Comment Period ,
Covered Entities ,
Department of Health and Human Services (HHS) ,
Dobbs v. Jackson Women’s Health Organization ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Privacy Rule ,
NPRM ,
OCR ,
Patient Privacy Rights ,
PHI ,
Public Comment ,
Reproductive Healthcare Issues
On April 28, the U.S. Department of Health and Human Services, Office for Civil Rights (OCR) entered into a resolution agreement with Peachstate Health Management, LLC, doing business as AEON Clinical Laboratories...more
5/27/2021
/ Covered Entities ,
Department of Health and Human Services (HHS) ,
Due Diligence ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
HIPAA Privacy Rule ,
Holding Companies ,
Noncompliance ,
OCR ,
PHI ,
Private Equity Firms ,
Settlement ,
Telehealth
On December 10, 2020, the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) released a notice of proposed rulemaking (NPRM) to amend the Standards for the Privacy of Individually Identifiable Health...more
1/5/2021
/ Caregivers ,
Family Members ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Privacy Rule ,
Information Sharing ,
Notice of Privacy Practices ,
NPRM ,
OCR ,
PHI ,
Proposed Amendments ,
Proposed Rules ,
Right-To-Access ,
Value-Based Care
On March 9, 2020, the U.S. Department of Health and Human Services (HHS) published final rules to implement the information blocking prohibitions of the 21st Century Cures Act (Information Blocking Rules). The Information...more
Responding to the COVID-19 national public health emergency, on March 13, 2020, the Secretary of the U.S. Department of Health and Human Services (HHS) exercised the authority granted by Section 1135 of the Social Security...more
3/18/2020
/ Coronavirus/COVID-19 ,
Covered Entities ,
Department of Health and Human Services (HHS) ,
Employee Privacy Rights ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Patient Privacy Rights ,
PHI ,
Popular ,
State of Emergency ,
Telehealth ,
Waivers
Enforcement activity by the Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) showed no signs of slowing throughout 2018 and has already picked up speed in 2019. More recent and significant actions...more
4/25/2019
/ Administrative Law Judge (ALJ) ,
California Consumer Privacy Act (CCPA) ,
Civil Monetary Penalty ,
Compliance ,
Cybersecurity ,
Electronic Medical Records ,
Electronic Protected Health Information (ePHI) ,
Enforcement Actions ,
General Data Protection Regulation (GDPR) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
Medical Records ,
OCR ,
Patient Privacy Rights ,
Personally Identifiable Information ,
PHI
On December 13, 2016, President Obama signed the 21st Century Cures Act (the Cures Act) into law. The Cures Act addresses a wide range of healthcare topics including clinical research, treatment of mental health and substance...more
12/19/2016
/ 21st Century Cures Act ,
Barack Obama ,
Business Associates ,
Covered Entities ,
Department of Health and Human Services (HHS) ,
EHR ,
Health Information Technologies ,
Health Insurance Portability and Accountability Act (HIPAA) ,
National Institute of Health (NIH) ,
New Legislation ,
OCR ,
OIG ,
Patient Access ,
PHI ,
Privacy Policy