News & Analysis as of

Business Associates Data Privacy

Business Associates can refer broadly to individuals engaged in business relationships with one another. However, in the HIPAA context, the term has a specific statutory meaning and those characterized as... more +
Business Associates can refer broadly to individuals engaged in business relationships with one another. However, in the HIPAA context, the term has a specific statutory meaning and those characterized as business associates have expanded data protection obligations and duties. Essentially, a business associate under HIPAA is a person or entity that performs certain functions or services which necessitates exposure to protected health information on behalf of a covered entity. Typical business associate functions include: claims processing or administration, data analysis, billing, etc.    less -
Maynard Nexsen

Taking the Pulse, A Health Care and Life Sciences Video Podcast | Episode 243: HIPAA Compliance and Potential Changes with Shannon...

Maynard Nexsen on

This week on the podcast, Lynnsey and Lauren are joined by their colleague, Maynard Nexsen healthcare attorney Shannon Lipham, who helps healthcare providers and practices navigate complex federal and state regulations....more

Bass, Berry & Sims PLC

Court Vacates HIPAA 2024 Final Rule Related to Reproductive Health Care Privacy

Bass, Berry & Sims PLC on

On June 18, 2025, the U.S. District Court for the Northern District of Texas issued an opinion that vacates the 2024 final rule that enhanced privacy protections for protected health information (PHI) related to reproductive...more

Holland & Knight LLP

U.S. Health Data Affected by New National Security Restrictions on International Data Transfers

Holland & Knight LLP on

Health Insurance Portability and Accountability Act (HIPAA)-covered entities and business associates should be familiar with restrictions on the use or disclosure of protected health information (PHI) under HIPAA rules....more

Jackson Lewis P.C.

Health Fitness, OCR’s Risk Analysis Initiative, and the ERISA Fiduciary Duty to Select Plan Service Providers

Jackson Lewis P.C. on

On Friday, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) announced the fifth enforcement action under its Risk Analysis Initiative. In this case, OCR reached a settlement with Health...more

Bradley Arant Boult Cummings LLP

Top 10 takeaways from the new HIPAA security rule NPRM

Bradley Arant Boult Cummings LLP on

On Jan. 6, 2025, the U.S. Department of Health and Human Services (HHS) proposed new regulations to enhance cybersecurity protections for electronic protected health information (ePHI) under the Health Insurance Portability...more

Gardner Law

Recent Enforcement Reminds Companies: Assess HIPAA Compliance

Gardner Law on

A HIPAA compliance assessment is an evaluation of an organization's practices, policies, and procedures to ensure that they align with requirements from the Health Insurance Portability and Accountability Act (“HIPAA”). It...more

Holland & Hart LLP

E-mailing and Texting PHI: Beware HIPAA

Holland & Hart LLP on

The HIPAA Privacy and Security Rules require covered entities (including healthcare providers and health plans) and their business associates to protect patient information stored or transmitted electronically, including...more

Health Care Compliance Association (HCCA)

$1.5M Warby Parker Fine a Holdover; OCR Focuses On Men in Sports, Antisemitism, ‘Biological Truth’

Health Care Compliance Association (HCCA) on

Nearly six years to the day that Warby Parker reported a breach affecting nearly 200,000 individuals, the HHS Office for Civil Rights (OCR) imposed a $1.5 million fine on the eyewear giant. Investigated by OCR under the Biden...more

Bradley Arant Boult Cummings LLP

AI Meets HIPAA Security: Understanding HHS’s Risk Strategies and Proposed Changes

Bradley Arant Boult Cummings LLP on

In this final blog post in the Bradley series on the HIPAA Security Rule notice of proposed rulemaking (NPRM), we examine how the U.S. Department of Health and Human Services (HHS) Office for Civil Rights interprets the...more

Epstein Becker & Green

Proposed HIPAA Security Rule Updates May Significantly Impact Covered Entities and Business Associates

Epstein Becker & Green on

As we noted in our previous blog here, on January 6, 2025, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) published a Notice of Proposed Rulemaking (NPRM) proposing substantial revisions...more

Groom Law Group, Chartered

Biden Administration Proposes Beefed-Up HIPAA Security Rule… But Prognosis Uncertain

Groom Law Group, Chartered on

On January 6, 2025, the Biden Administration issued a new proposed rule updating the HIPAA Security Standards ( “Proposed Rule”). The original HIPAA Security Standards were issued in 2003 and updated in 2013 and require that...more

Alston & Bird

Health Plan Impact of HHS’s Proposed HIPAA Security Rule Update

Alston & Bird on

Our Employee Benefits & Executive Compensation Group highlights the HIPAA Security Rule’s proposed new compliance requirements for health plans, plan sponsors, and their business associates....more

Bradley Arant Boult Cummings LLP

HHS’s Proposed Security Rule Updates Could Require Group Health Plan Document Changes and New Plan Sponsor Security Practices

Bradley Arant Boult Cummings LLP on

Proposed regulations may require employers to invest additional resources to safeguard group health plan participants’ protected health information. In this installment of our blog series on the U.S. Department of Health...more

McGuireWoods LLP

HHS Proposed Rule May Enhance HIPAA Security but Leaves AI Questions Open

McGuireWoods LLP on

In response to increased cybersecurity threats and significant regulatory enforcement actions, on Dec. 27, 2024, the Department of Health and Human Services (HHS) issued a Notice of Proposed Rulemaking seeking to enhance...more

Vorys, Sater, Seymour and Pease LLP

Proposed Update to the HIPAA Security Rule

Vorys, Sater, Seymour and Pease LLP on

In early January, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) published a Notice of Proposed Rulemaking. The Proposed Rule would modify the Security Standards for the Protection of...more

Bass, Berry & Sims PLC

Proposed Rulemaking to Strengthen HIPAA Security Rule

Bass, Berry & Sims PLC on

On January 6, the Department of Health and Human Services Office for Civil Rights (OCR) published a notice of proposed rulemaking (Proposed Rule) that would strengthen the requirements of the security rule promulgated...more

Husch Blackwell LLP

OCR Announces Proposed Updates to HIPAA Security Rule, Raises the Bar for Healthcare Cybersecurity

Husch Blackwell LLP on

On December 27, 2024, the U.S. Department of Health and Human Services (HHS), through its Office for Civil Rights (OCR), issued proposed changes to the Health Insurance Portability and Accountability Act of 1996 (HIPAA)...more

Wilson Sonsini Goodrich & Rosati

HHS-OCR Announces Proposed Modifications to the HIPAA Security Rule

Wilson Sonsini Goodrich & Rosati on

The U.S. Department of Health and Human Services Office for Civil Rights (HHS-OCR) has announced proposed modifications to the Health Insurance Portability and Accountability Act (HIPAA) Security Rule (the Proposed Rule). The...more

Wyrick Robbins Yates & Ponton LLP

Analyze This: OCR Kicks Off 2025 with Two New HIPAA Enforcement Actions Against Business Associates as Part of New Risk Analysis...

Wyrick Robbins Yates & Ponton LLP on

Just two weeks into the year, 2025 is already shaping up to be a busy year for privacy lawyers, especially those tasked with helping covered entities and business associates comply with the HIPAA Security Rule.  As we...more

Cozen O'Connor

Proposed Changes to the HIPAA Security Rule Will Have a Significant Impact on the Health Care Sector

Cozen O'Connor on

A few days ago, the U.S. Department of Health and Human Services (“HHS”), through its Office for Civil Rights, issued the proposed rule HIPAA Security Rule to Strengthen the Cybersecurity of Electronic Protected Health...more

Fisher Phillips

Proposed Updates to HIPAA Security Rule Would Require Entities to Adopt Enhanced Cybersecurity Measures

Fisher Phillips on

The HIPAA Security Rule may soon undergo a big overhaul that would better defend healthcare data from cybersecurity threats – and require much more from covered entities when it comes to establishing and maintaining defenses....more

Holland & Knight LLP

HIPAA Tidings: A Look at OCR's Recent Enforcement Actions

Holland & Knight LLP on

In addition to holiday celebrations, the month of December typically ushers in a final round of enforcement actions by the U.S. Department of Health and Human Services' (HHS) Office of Civil Rights (OCR), and 2024 is no...more

Health Care Compliance Association (HCCA)

[Event] Healthcare Privacy Compliance Academy - January 27th - 30th, Orlando, FL

Health Care Compliance Association (HCCA) on

HCCA's Healthcare Privacy Compliance Academy is a three-and-a-half-day interactive education program with a focus on the vast body of privacy laws and regulations in place to help you protect PHI and other critical data. Our...more

Health Care Compliance Association (HCCA)

BAAs: If and when third parties receiving PHI for research qualify as BAs under HIPAA

Health Care Compliance Association (HCCA) on

A business associate agreement (BAA) is a written contract between a covered entity (CE) and a business associate (BA) that—among other requirements—(1) establishes the permitted and required uses and disclosures of protected...more

Health Care Compliance Association (HCCA)

[Event] Healthcare Privacy Compliance Academy - December 9th - 12th, San Diego, CA

Health Care Compliance Association (HCCA) on

HCCA's Healthcare Privacy Compliance Academy is a three-and-a-half-day interactive education program with a focus on the vast body of privacy laws and regulations in place to help you protect PHI and other critical data. Our...more

86 Results
 / 
View per page
Page: of 4
Next »

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
- hide
- hide