On January 20, the US Department of Homeland Security (DHS) rescinded 2021 guidelines that previously designated hospitals, clinics, and other health care facilities as “protected areas” and limited immigration enforcement...more
3/12/2025
/ Data Privacy ,
Department of Homeland Security (DHS) ,
Enforcement ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare Facilities ,
Immigration Procedures ,
Patient Privacy Rights ,
Personal Data ,
PHI ,
Privacy Laws ,
State Privacy Laws
As of December 23, health care providers, health plans, and health care clearinghouses (covered entities) and their business associates (collectively, regulated entities) must comply with new reproductive health care privacy...more
12/20/2024
/ Administrative Procedure Act ,
Covered Entities ,
Department of Health and Human Services (HHS) ,
Enforcement ,
Final Rules ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Privacy Rule ,
Loper Bright Enterprises v Raimondo ,
OCR ,
PHI ,
Popular ,
Reproductive Healthcare Issues ,
SCOTUS ,
Statutory Interpretation ,
Texas ,
Trump Administration
On June 20, a federal district court in Texas ruled that the US Department of Health and Human Services (HHS) Office for Civil Rights (OCR) exceeded its authority under the Health Insurance Portability and Accountability Act...more
8/22/2024
/ American Hospital Association et al v Becerra Secretary Of Health And Human Services et al ,
Covered Entities ,
Department of Health and Human Services (HHS) ,
Federal Trade Commission (FTC) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Violations ,
OCR ,
Personally Identifiable Information ,
PHI ,
Popular ,
Serious Health Conditions ,
Tracking Systems
Who will notify the potentially millions of individuals whose information might have been jeopardized by the massive cyberattack on Change Healthcare? Since the affiliate of UnitedHealth Group (UHG) first reported the...more
6/19/2024
/ Breach Notification Rule ,
Compliance ,
Cyber Attacks ,
Department of Health and Human Services (HHS) ,
Guidance Update ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HIPAA Breach ,
HIPAA Privacy Rule ,
HIPAA Security Rule ,
Investigations ,
OCR ,
PHI ,
Popular
On April 26, the US Department of Health and Human Services Office for Civil Rights (OCR) published a Final Rule that adds protections under the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule...more
5/29/2024
/ Attestation Requirements ,
Compliance ,
Covered Entities ,
Data Collection ,
Disclosure Requirements ,
Dobbs v. Jackson Women’s Health Organization ,
Final Rules ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HIPAA Privacy Rule ,
Investigations ,
Notice Requirements ,
OCR ,
PHI ,
Popular ,
Privacy Laws ,
Reproductive Healthcare Issues ,
SCOTUS
On February 14, the US Department of Health and Human Services (HHS) Office for Civil Rights (OCR) issued its annual reports to Congress detailing its actions to enforce the privacy, security, and breach notification...more
5/9/2024
/ Breach Notification Rule ,
Covered Entities ,
Cyber Attacks ,
Cybersecurity ,
Data Security ,
Department of Health and Human Services (HHS) ,
Enforcement Actions ,
Hackers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Information Technology ,
OCR ,
PHI ,
Privacy Laws
As more states adopt consumer data privacy laws, Nevada and Washington stand out for their recent passage of legislation aimed specifically at protecting “consumer health data.” Both states’ laws are notably broad in their...more
On February 17, 2023, the US Department of Health and Human Services Office for Civil Rights (OCR) released two companion reports to Congress detailing its actions in 2021 to enforce the privacy, security, and breach...more
4/4/2023
/ Audits ,
Civil Monetary Penalty ,
Compliance ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Department of Health and Human Services (HHS) ,
Enforcement ,
Hackers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Information Technology ,
OCR ,
PHI
Most violations of the Health Information Portability and Accountability Act (HIPAA) are addressed through administrative enforcement action. But, in some circumstances of improper conduct affecting the privacy or security of...more
The recently unveiled California Health and Human Services Data Exchange Framework (the Framework) creates a new regulatory and governance structure to promote the exchange of health information between health care providers...more
9/9/2022
/ California ,
Data Privacy ,
Data-Sharing ,
Department of Health and Human Services (HHS) ,
Electronic Medical Records ,
Electronic Protected Health Information (ePHI) ,
Governance Standards ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Hospitals ,
Medi-Cal ,
PHI ,
Physicians ,
Policies and Procedures
The HHS Office for Civil Rights (OCR) recently imposed a $50,000 civil monetary penalty on a dental practice that disclosed patient-identifying information in response to a negative online review. The case is a reminder that...more
8/1/2022
/ Business Development ,
Civil Monetary Penalty ,
Covered Entities ,
Department of Health and Human Services (HHS) ,
Enforcement Actions ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
OCR ,
Online Reviews ,
PHI ,
Risk Management ,
Social Media ,
Websites