On July 11, 2025, the U.S. Department of Health and Human Services (“HHS”), Office of Inspector General (“OIG”) posted a report that announced the findings of a cybersecurity audit it conducted of a large Northeastern...more
The Office for Civil Rights (“OCR”) under the U.S. Department of Health and Human Services (“HHS”) recently issued a Notice of Proposed Rulemaking (the “Proposed Rule”) to modify the Health Insurance Portability and...more
The U.S. Department of Health and Human Services Office for Civil Rights (“OCR”) recently released a revised version of its guidance titled “Use of Online Tracking Technologies by HIPAA Covered Entities and Business...more
HIPAA-covered entities should note the quickly approaching March 1, 2022 deadline for reporting breaches of unsecured protected health information that occurred in 2021 and involved fewer than 500 individuals. This article...more
1/26/2022
/ Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
HIPAA Breach Notification Rule ,
Patient Privacy Rights ,
PHI ,
Reporting Requirements
2020 was an active year for HIPAA regulatory activity by the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR). In this article, we take a look at some of the HIPAA highlights from 2020 and...more
We have previously commented on OCR’s exercise of enforcement discretion and accompanying FAQs for covered entities during the COVID-19 public health emergency....more