News & Analysis as of July 25, 2025

Cybersecurity

+ Follow

Compliance programs typically refer to formalized institutional procedures within corporations and organizations to detect, prevent and respond to indvidual and widespread instances of regulatory violations. In response to many corporate scandals evidencing rampant unethical business practices, many nations, including the United States, began passing strict regulatory frameworks aimed at curbing these abuses. Notable pieces of legislation in this area include the U.S. Foreign Corrupt Practices Act (FCPA), Sarbanes-Oxley (SOX), and the U.K. Bribery Act, to name a few. The foregoing statutes and the severe penalties often associated with them form the basis of many modern institutional compliance programs. less -

Top Healthcare Compliance Priorities for 2025

Health Care Compliance Association (HCCA) on 5/8/2025

Recently Protiviti released an intriguing report: Top Compliance Priorities for U.S. Healthcare Organizations in 2025. In this podcast their Global Healthcare Compliance Leader, Leyla Erkan, CHC, CHP, CHRC, shares some of the...more

Health Fitness, OCR’s Risk Analysis Initiative, and the ERISA Fiduciary Duty to Select Plan Service Providers

Jackson Lewis P.C. on 3/24/2025

On Friday, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) announced the fifth enforcement action under its Risk Analysis Initiative. In this case, OCR reached a settlement with Health...more

Time for Spring Cleaning – Is Your HIPAA House Ready?

Burr & Forman on 3/20/2025

When it comes to compliance with the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations (“HIPAA”), is your house in order? Has someone recently looked underneath the counter and...more

Recent Enforcement Reminds Companies: Assess HIPAA Compliance

Gardner Law on 3/20/2025

A HIPAA compliance assessment is an evaluation of an organization's practices, policies, and procedures to ensure that they align with requirements from the Health Insurance Portability and Accountability Act (“HIPAA”). It...more

HHS Proposal To Strengthen HIPAA Security Rule

Perkins Coie on 3/14/2025

Earlier this year, the U.S. Department of Health and Human Services Office for Civil Rights (OCR) adopted a new proposal to strengthen the Health Insurance Portability and Accountability Act (HIPAA) security standards...more

$1.5M Warby Parker Fine a Holdover; OCR Focuses On Men in Sports, Antisemitism, ‘Biological Truth’

Health Care Compliance Association (HCCA) on 3/12/2025

Nearly six years to the day that Warby Parker reported a breach affecting nearly 200,000 individuals, the HHS Office for Civil Rights (OCR) imposed a $1.5 million fine on the eyewear giant. Investigated by OCR under the Biden...more

Warby Parker Settles Data Breach Case with OCR for $1.5M

Robinson+Cole Data Privacy + Security Insider on 3/7/2025

Eyeglass manufacturer and retailer Warby Parker recently settled a 2018 data breach investigation by the Office for Civil Rights (OCR) for $1.5 million. According to OCR’s press release, Warby Parker self-reported that...more

Industry Groups Urge Rescission of Proposed HIPAA Security Rule Updates

Jackson Lewis P.C. on 3/6/2025

In February, a coalition of healthcare organizations sent a letter to President Donald J. Trump and the U.S. Department of Health and Human Services (HHS) (the Letter), urging the immediate rescission of a proposed update to...more

Key Takeaways: 7th Annual “Let’s Talk Compliance” Conference

Foley & Lardner LLP on 3/5/2025

Editor’s Note: PYA and Foley & Lardner hosted the 7th Annual “Let’s Talk Compliance” two-day virtual conference on January 23 and 24, 2025. Panelists included Foley attorneys and PYA subject matter experts. The event was...more

OCR Proposes Modification to HIPAA Security Rule

Benesch on 2/27/2025

In late December 2024, the Office of Civil Rights at the U.S. Department of Health and Human Services (“OCR”) issued a notice of proposed rulemaking to modify the Security Standards to the Protection of Electronic Protected...more

Nine Steps Healthcare Entities Should Take to Prevent Cyberattacks

Nilan Johnson Lewis PA on 2/24/2025

The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) recently imposed a $1.5 million civil money penalty against Warby Parker, Inc., a manufacturer and online retailer of eyewear, for...more

HHS’s Proposed Security Rule Updates Will Require Adjustments to Accommodate Modern Vulnerability and Incident Response Issues

Bradley Arant Boult Cummings LLP on 2/21/2025

In this week’s installment of our blog series on the U.S. Department of Health and Human Services’ (HHS) HIPAA Security Rule updates in its January 6 Notice of Proposed Rulemaking (NPRM), we are exploring the proposed updates...more

Are Employees Receiving Regular Data Protection Training? Are They AI Literate?

Jackson Lewis P.C. on 2/19/2025

Employee security awareness training is a best practice and a “reasonable safeguard” for protecting the privacy and security of an organization’s sensitive data. The list of data privacy and cybersecurity laws mandating...more

Proposed Changes to the HIPAA Security Rule: What Regulated Entities Need to Know

ArentFox Schiff on 2/10/2025

In the final days of the Biden Administration, the US Department of Health and Human Services (HHS) Office for Civil Rights (OCR) issued a notice of proposed rulemaking (NPRM) to modify the Security Rule under the Health...more

We’ll Take the Fine: OCR’s ‘Unwarranted,’ Costly Demands Prompted Hospital’s $538K Payment

Health Care Compliance Association (HCCA) on 2/7/2025

The saga that led Children’s Hospital Colorado to accept a fine of more than $500,000 imposed by the HHS Office for Civil Rights (OCR) began on July 11, 2017, when a physician’s email account containing details on 3,300...more

Resolutions for Healthcare Providers: Part 1 of 2 – Cybersecurity, Privacy and HIPAA Compliance

Bodman on 2/4/2025

As the new year begins, it is useful to review your practice’s processes and policies to ensure that the practice operates with efficiency and remains compliant with ever-changing healthcare regulations....more

HHS OCR Releases Proposed Updates to HIPAA Security Rule

Paul Hastings LLP on 1/23/2025

On December 27, 2024, the U.S. Department of Health and Human Services (HHS), through the Office for Civil Rights (OCR), announced a Notice of Proposed Rulemaking (NPRM) to amend the Security Standards for the Protection of...more

With Nod to OCR, Indiana Inks $350K Deal With Dental Firm Following Hack

Health Care Compliance Association (HCCA) on 1/22/2025

Recent federal enforcement actions have brought home the lesson that there’s really no acceptable reason for denying a patient timely access to medical records. Last year, for example, the HHS Office for Civil Rights (OCR)...more

Slew of OCR activity underscores agency’s focus on security and AI

Hogan Lovells on 1/17/2025

Recent enforcement actions, audit activity, proposed rulemakings, and guidance issued by the U.S. Department of Health and Human Services (“HHS”), Office for Civil Rights (“OCR”) highlight the agency’s focus on health data...more

Recent Developments in Health Care Cybersecurity and Oversight: 2024 Wrap Up and 2025 Outlook

Epstein Becker & Green on 1/16/2025

As Cyberattacks targeting the health care sector have continued to intensify over the past year, including ransomware attacks that have resulted in major data breaches impacting health care organizations, the protection of...more

Introducing Bradley’s Series on HHS’s Proposed HIPAA Security Rule Updates

Bradley Arant Boult Cummings LLP on 1/16/2025

Bradley is launching a multipart blog series on the U.S. Department of Health and Human Services’ (HHS) proposed changes to strengthen cybersecurity protections for electronic protected health information (ePHI) regulated...more

A Deeper Dive into the Proposed Modifications to the HIPAA Security Rule

Stoel Rives - Global Privacy & Security Blog® on 1/16/2025

“Through December 20, 2024, 575 security incidents involving unsecured protected health information affecting 500 or more individuals had been reported to Health and Human Services. Through the same date in 2023, 265...more

OCR Announces Proposed Updates to HIPAA Security Rule, Raises the Bar for Healthcare Cybersecurity

Husch Blackwell LLP on 1/15/2025

On December 27, 2024, the U.S. Department of Health and Human Services (HHS), through its Office for Civil Rights (OCR), issued proposed changes to the Health Insurance Portability and Accountability Act of 1996 (HIPAA)...more

HHS-OCR Announces Proposed Modifications to the HIPAA Security Rule

Wilson Sonsini Goodrich & Rosati on 1/15/2025

The U.S. Department of Health and Human Services Office for Civil Rights (HHS-OCR) has announced proposed modifications to the Health Insurance Portability and Accountability Act (HIPAA) Security Rule (the Proposed Rule). The...more

Analyze This: OCR Kicks Off 2025 with Two New HIPAA Enforcement Actions Against Business Associates as Part of New Risk Analysis...

Wyrick Robbins Yates & Ponton LLP on 1/14/2025

Just two weeks into the year, 2025 is already shaping up to be a busy year for privacy lawyers, especially those tasked with helping covered entities and business associates comply with the HIPAA Security Rule. As we...more

135 Results

View per page

Page: of 6

Compliance › Health Insurance Portability and Accountability Act (HIPAA) › Cybersecurity

"My best business intelligence, in one easy email…"