Health care organizations are under pressure to shore up their cybersecurity response efforts. Much of this pressure is coming from the US Department of Health and Human Services Office for Civil Rights (OCR), which has made...more
On January 20, the US Department of Homeland Security (DHS) rescinded 2021 guidelines that previously designated hospitals, clinics, and other health care facilities as “protected areas” and limited immigration enforcement...more
3/12/2025
/ Data Privacy ,
Department of Homeland Security (DHS) ,
Enforcement ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare Facilities ,
Immigration Procedures ,
Patient Privacy Rights ,
Personal Data ,
PHI ,
Privacy Laws ,
State Privacy Laws
In the final days of the Biden Administration, the US Department of Health and Human Services (HHS) Office for Civil Rights (OCR) issued a notice of proposed rulemaking (NPRM) to modify the Security Rule under the Health...more
2/10/2025
/ Artificial Intelligence ,
Audits ,
Compliance ,
Cybersecurity ,
Data Privacy ,
Data Security ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Emerging Technologies ,
Encryption ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Security Rule ,
Notice of Proposed Rulemaking (NOPR) ,
OCR ,
Proposed Rules ,
Risk Management ,
Technology
As of December 23, health care providers, health plans, and health care clearinghouses (covered entities) and their business associates (collectively, regulated entities) must comply with new reproductive health care privacy...more
12/20/2024
/ Administrative Procedure Act ,
Covered Entities ,
Department of Health and Human Services (HHS) ,
Enforcement ,
Final Rules ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Privacy Rule ,
Loper Bright Enterprises v Raimondo ,
OCR ,
PHI ,
Popular ,
Reproductive Healthcare Issues ,
SCOTUS ,
Statutory Interpretation ,
Texas ,
Trump Administration
On June 20, a federal district court in Texas ruled that the US Department of Health and Human Services (HHS) Office for Civil Rights (OCR) exceeded its authority under the Health Insurance Portability and Accountability Act...more
8/22/2024
/ American Hospital Association et al v Becerra Secretary Of Health And Human Services et al ,
Covered Entities ,
Department of Health and Human Services (HHS) ,
Federal Trade Commission (FTC) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Violations ,
OCR ,
Personally Identifiable Information ,
PHI ,
Popular ,
Serious Health Conditions ,
Tracking Systems
Who will notify the potentially millions of individuals whose information might have been jeopardized by the massive cyberattack on Change Healthcare? Since the affiliate of UnitedHealth Group (UHG) first reported the...more
6/19/2024
/ Breach Notification Rule ,
Compliance ,
Cyber Attacks ,
Department of Health and Human Services (HHS) ,
Guidance Update ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HIPAA Breach ,
HIPAA Privacy Rule ,
HIPAA Security Rule ,
Investigations ,
OCR ,
PHI ,
Popular
On April 26, the US Department of Health and Human Services Office for Civil Rights (OCR) published a Final Rule that adds protections under the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule...more
5/29/2024
/ Attestation Requirements ,
Compliance ,
Covered Entities ,
Data Collection ,
Disclosure Requirements ,
Dobbs v. Jackson Women’s Health Organization ,
Final Rules ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HIPAA Privacy Rule ,
Investigations ,
Notice Requirements ,
OCR ,
PHI ,
Popular ,
Privacy Laws ,
Reproductive Healthcare Issues ,
SCOTUS
On February 14, the US Department of Health and Human Services (HHS) Office for Civil Rights (OCR) issued its annual reports to Congress detailing its actions to enforce the privacy, security, and breach notification...more
5/9/2024
/ Breach Notification Rule ,
Covered Entities ,
Cyber Attacks ,
Cybersecurity ,
Data Security ,
Department of Health and Human Services (HHS) ,
Enforcement Actions ,
Hackers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Information Technology ,
OCR ,
PHI ,
Privacy Laws
With the recent passage of Assembly Bill (AB) 254 and AB 1697, California’s Confidentiality of Medical Information Act (CMIA) will extend privacy protections to reproductive and sexual health information on mobile...more
12/4/2023
/ California ,
Department of Health and Human Services (HHS) ,
Digital Service Providers ,
Federal Trade Commission (FTC) ,
FTC Act ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Internet Privacy Protection Acts ,
Mobile Apps ,
OCR ,
Reproductive Healthcare Issues ,
Websites
A final rule published on July 3, 2023, empowers the US Department of Health and Human Services (HHS) Office of Inspector General (OIG) to impose civil monetary penalties (CMP) of up to $1 million for unlawful acts of...more
8/4/2023
/ Civil Monetary Penalty ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Federal Trade Commission (FTC) ,
Final Rules ,
FTC Act ,
Health Information Technologies ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Health Technology ,
Information Blocking Rules ,
OCR ,
OIG ,
ONC
As more states adopt consumer data privacy laws, Nevada and Washington stand out for their recent passage of legislation aimed specifically at protecting “consumer health data.” Both states’ laws are notably broad in their...more
Telehealth experienced massive growth during the COVID-19 pandemic, due in no small part to various regulatory and reimbursement policies that federal agencies implemented following a declaration by the US Department of...more
6/6/2023
/ CARES Act ,
Consolidated Appropriations Act (CAA) ,
Coronavirus/COVID-19 ,
DEA ,
Department of Health and Human Services (HHS) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Medicare ,
OCR ,
Public Health Emergency ,
Regulatory Agenda ,
Reimbursements ,
SAMHSA ,
Telehealth
On February 17, 2023, the US Department of Health and Human Services Office for Civil Rights (OCR) released two companion reports to Congress detailing its actions in 2021 to enforce the privacy, security, and breach...more
4/4/2023
/ Audits ,
Civil Monetary Penalty ,
Compliance ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Department of Health and Human Services (HHS) ,
Enforcement ,
Hackers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Information Technology ,
OCR ,
PHI
Most violations of the Health Information Portability and Accountability Act (HIPAA) are addressed through administrative enforcement action. But, in some circumstances of improper conduct affecting the privacy or security of...more
The recently unveiled California Health and Human Services Data Exchange Framework (the Framework) creates a new regulatory and governance structure to promote the exchange of health information between health care providers...more
9/9/2022
/ California ,
Data Privacy ,
Data-Sharing ,
Department of Health and Human Services (HHS) ,
Electronic Medical Records ,
Electronic Protected Health Information (ePHI) ,
Governance Standards ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Hospitals ,
Medi-Cal ,
PHI ,
Physicians ,
Policies and Procedures
The HHS Office for Civil Rights (OCR) recently imposed a $50,000 civil monetary penalty on a dental practice that disclosed patient-identifying information in response to a negative online review. The case is a reminder that...more
8/1/2022
/ Business Development ,
Civil Monetary Penalty ,
Covered Entities ,
Department of Health and Human Services (HHS) ,
Enforcement Actions ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
OCR ,
Online Reviews ,
PHI ,
Risk Management ,
Social Media ,
Websites
The US Department of Health and Human Services’ (HHS) declaration that COVID-19 remains a public health emergency (PHE) will continue through July 15, 2022, and is expected to be renewed again through October 13, 2022....more
6/23/2022
/ California ,
Centers for Medicare & Medicaid Services (CMS) ,
CMIA ,
Coronavirus/COVID-19 ,
Department of Health and Human Services (HHS) ,
Executive Orders ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
OCR ,
Public Health Emergency ,
Public Health Service Act
The HHS Office for Civil Rights is requesting comments about HIPAA covered entities’ and business associates’ implementation of “recognized security practices” and payments to “harmed individuals” from funds the agency...more