News & Analysis as of August 11, 2025

Privacy Laws

+ Follow

Compliance programs typically refer to formalized institutional procedures within corporations and organizations to detect, prevent and respond to indvidual and widespread instances of regulatory violations. In response to many corporate scandals evidencing rampant unethical business practices, many nations, including the United States, began passing strict regulatory frameworks aimed at curbing these abuses. Notable pieces of legislation in this area include the U.S. Foreign Corrupt Practices Act (FCPA), Sarbanes-Oxley (SOX), and the U.K. Bribery Act, to name a few. The foregoing statutes and the severe penalties often associated with them form the basis of many modern institutional compliance programs. less -

Federal Court Strikes Down HIPAA Reproductive Health Privacy Rule – What it Means for Health Plan Compliance

Stinson - Benefits Notes Blog on 6/30/2025

In a landmark decision, a federal district court in Texas struck down nearly all of the 2024 amendments to the HIPAA Privacy Rule, known as the Reproductive Health Privacy Rule (the “Rule”), ruling that the Department of...more

Former OCR Director Fontes Rainer Reflects On ‘Imperfect’ RSP Law, Urges Final Security Reg

Health Care Compliance Association (HCCA) on 5/12/2025

In October, the HHS Office for Civil Rights (OCR) fined Providence Medical Institute (PMI) $240,000, an amount that reflected a 20% discount for having “recognized security practices” (RSPs) in place. But many more covered...more

HIPAA Compliance for AI in Digital Health: What Privacy Officers Need to Know

Foley & Lardner LLP on 5/9/2025

Artificial intelligence (AI) is rapidly reshaping the digital health sector, driving advances in patient engagement, diagnostics, and operational efficiency. However, for Privacy Officers, AI’s integration into digital health...more

[Event] Healthcare Privacy Compliance Academy - June 9th - 12th, Pittsburgh, PA

Health Care Compliance Association (HCCA) on 4/22/2025

HCCA's Healthcare Privacy Compliance Academy is a three-and-a-half-day interactive education program with a focus on the vast body of privacy laws and regulations in place to help you protect PHI and other critical data. Our...more

HHS OCR Settles HIPAA Security Rule Investigation with Health Fitness Corporation

Foley Hoag LLP - Security, Privacy and the... on 3/24/2025

On March 21, 2025, the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) announced a settlement of HIPAA security rule claims involving Health Fitness Corporation (Health Fitness). Health Fitness...more

Recent Enforcement Reminds Companies: Assess HIPAA Compliance

Gardner Law on 3/20/2025

A HIPAA compliance assessment is an evaluation of an organization's practices, policies, and procedures to ensure that they align with requirements from the Health Insurance Portability and Accountability Act (“HIPAA”). It...more

E-mailing and Texting PHI: Beware HIPAA

Holland & Hart LLP on 3/19/2025

The HIPAA Privacy and Security Rules require covered entities (including healthcare providers and health plans) and their business associates to protect patient information stored or transmitted electronically, including...more

[Event] Healthcare Privacy Compliance Academy - March 24th - 27th, Chicago, IL

Health Care Compliance Association (HCCA) on 3/19/2025

$1.5M Warby Parker Fine a Holdover; OCR Focuses On Men in Sports, Antisemitism, ‘Biological Truth’

Health Care Compliance Association (HCCA) on 3/12/2025

Nearly six years to the day that Warby Parker reported a breach affecting nearly 200,000 individuals, the HHS Office for Civil Rights (OCR) imposed a $1.5 million fine on the eyewear giant. Investigated by OCR under the Biden...more

Latest Installment of our Mintz Matrix!

Mintz - Privacy & Cybersecurity Viewpoints on 3/3/2025

Please visit here to visit our Mintz Matrix page with the latest edition of the Mintz Matrix, which is a 50-state resource we have maintained since 2009 to break down and summarize requirements of U.S. state data breach...more

OCR Proposes Modification to HIPAA Security Rule

Benesch on 2/27/2025

In late December 2024, the Office of Civil Rights at the U.S. Department of Health and Human Services (“OCR”) issued a notice of proposed rulemaking to modify the Security Standards to the Protection of Electronic Protected...more

Are Employees Receiving Regular Data Protection Training? Are They AI Literate?

Jackson Lewis P.C. on 2/19/2025

Employee security awareness training is a best practice and a “reasonable safeguard” for protecting the privacy and security of an organization’s sensitive data. The list of data privacy and cybersecurity laws mandating...more

We’ll Take the Fine: OCR’s ‘Unwarranted,’ Costly Demands Prompted Hospital’s $538K Payment

Health Care Compliance Association (HCCA) on 2/7/2025

The saga that led Children’s Hospital Colorado to accept a fine of more than $500,000 imposed by the HHS Office for Civil Rights (OCR) began on July 11, 2017, when a physician’s email account containing details on 3,300...more

New York's Health Information Privacy Act Aims to Strictly Regulate Consumer Health Data

Ropes & Gray LLP on 2/5/2025

On January 22, 2025, the New York State Assembly and Senate rapidly passed the wide-ranging New York Health Information Privacy Act (“NY HIPA”). If not vetoed by Governor Kathy Hochul, NY HIPA would be the fourth enacted...more

Resolutions for Healthcare Providers: Part 1 of 2 – Cybersecurity, Privacy and HIPAA Compliance

Bodman on 2/4/2025

As the new year begins, it is useful to review your practice’s processes and policies to ensure that the practice operates with efficiency and remains compliant with ever-changing healthcare regulations....more

New York Passes Restrictive Health Information Privacy Act

McDermott Will & Schulte on 1/27/2025

On January 22, 2025, the New York Assembly passed Senate Bill S929, titled the New York Health Information Privacy Act (New York HIPA). The act is now on its way to Governor Kathy Hochul for her signature. If signed into...more

Significant New HIPAA Obligations on Their Way for 2025

Buchalter on 1/27/2025

The Department of Health & Human Services (HHS) issued proposed changes to the HIPAA Security Rule (“Proposed Rule”) on January 6, 2025, and is accepting comments from the public until March 7, 2025. The Proposed Rule...more

Compliance with the HIPAA Privacy Rule to Support Reproductive Healthcare Privacy

Husch Blackwell LLP on 1/24/2025

On April 22, 2024, the Health and Human Services’ Office for Civil Rights (OCR) issued the HIPAA Privacy Rule to Support Reproductive Health Care Privacy Final Rule. The final rule limits the sharing of protected health...more

New York’s Proposed Health Information Privacy Act Takes Aim at Digital Health Companies

Foley & Lardner LLP on 1/24/2025

The New York Health Information Privacy Act (NYHIPA), if enacted, could create a chilling effect on patient access and engagement to readily available digital health care services relied upon by New Yorkers. Digital health...more

With Nod to OCR, Indiana Inks $350K Deal With Dental Firm Following Hack

Health Care Compliance Association (HCCA) on 1/22/2025

Recent federal enforcement actions have brought home the lesson that there’s really no acceptable reason for denying a patient timely access to medical records. Last year, for example, the HHS Office for Civil Rights (OCR)...more

ASTP Adopts New Protecting Care Access Exception

McDermott Will & Schulte on 1/15/2025

On December 17, 2024, the US Department of Health and Human Services (HHS) Assistant Secretary for Technology Policy/Office of the National Coordinator for Health Information Technology (ASTP) published the Health Data,...more

Garden State, are you ready for the NJ Data Privacy Act?

Constangy, Brooks, Smith & Prophete, LLP on 1/14/2025

The NJ Data Privacy Act takes effect tomorrow. The New Jersey Data Privacy Act is set to take effect tomorrow, January 15. The NJDPA was signed into law by Gov. Phil Murphy (D) on January 16, 2024. The NJDPA is similar to...more

New Year, New Data Breach Notification Requirements in New York: Impactful Changes for Life Sciences and Consumer Health Care...

Ropes & Gray LLP on 1/14/2025

In December 2024, New York Governor Kathy Hochul signed into law two bills (A8872A and S2376B; collectively, the “Bills”) that amend New York’s Data Breach Notification Law. The Bills introduce a maximum thirty-day timeframe...more

HIPAA Reproductive Health Care Amendments: Compliance in an Uncertain Enforcement Landscape

Foley & Lardner LLP on 12/20/2024

The amendments to the HIPAA Privacy Rule designed to protect reproductive health care information (Amendments) are under legal challenge as the compliance date quickly approaches. As discussed in more detail in our...more

Compliance Deadline Imminent: HIPAA Final Rule to Support Reproductive Health Care Privacy

Stevens & Lee on 12/19/2024

Around the corner is the Dec. 23 deadline to have your organization bring its HIPAA Notice of Privacy Practices into compliance with the U.S. Department of Health & Human Services’ Office for Civil Rights Final Rule modifying...more

81 Results

View per page

Page: of 4

Compliance › Health Insurance Portability and Accountability Act (HIPAA) › Privacy Laws

"My best business intelligence, in one easy email…"