Updates to Statute 1557 that Healthcare Providers Need to Know
Privacy and Healthcare Business Associates with Isabella Porter
State Law Privacy Video Series | Healthcare Entities and Health Data
Gerry Blass on Healthcare Vendor Risk Management
AGG Talks: Technology - In the Balance: Interoperability and Security
Is Your Practice's Marketing HIPAA Compliant?
Relaxed HIPAA Restrictions For Providers Using Telehealth
Compliance Perspectives: Permissible Disclosures under HIPAA, Especially in the Time of COVID-19
Polsinelli Podcasts - Confusion to Clarity on the Future of the 340B Program
Polsinelli Podcast - HIPAA Changes Overview
In the first five months of 2025, the U.S. Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) announced it had entered into ten Health Insurance Portability and Accountability Act (HIPAA) resolution...more
In October, the HHS Office for Civil Rights (OCR) fined Providence Medical Institute (PMI) $240,000, an amount that reflected a 20% discount for having “recognized security practices” (RSPs) in place. But many more covered...more
Nearly six years to the day that Warby Parker reported a breach affecting nearly 200,000 individuals, the HHS Office for Civil Rights (OCR) imposed a $1.5 million fine on the eyewear giant. Investigated by OCR under the Biden...more
On January 6, 2025 the U.S. Department of Health and Human Services published a Proposed Rule (90 FR 898) to strengthen the HIPAA Security Rule and afford greater cybersecurity protections for electronic protected health...more
The U.S. Department of Health and Human Services (HHS) has issued an unpublished Notice of Proposed Rulemaking (NPRM) that strengthens the Health Insurance Portability and Accountability Act (HIPAA) Security Rule and, if...more
The Department of Health and Human Services (HHS) has proposed significant modifications to the HIPAA Security Rule and the HITECH Act in an attempt to strengthen cybersecurity protections for electronic protected health...more
The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) is required by law to perform periodic audits of covered entities and business associates to ensure their compliance with HIPAA Security Rule...more
In addition to holiday celebrations, the month of December typically ushers in a final round of enforcement actions by the U.S. Department of Health and Human Services' (HHS) Office of Civil Rights (OCR), and 2024 is no...more
In the first part of this blog post, we looked into the OCR and FTC’s focus on third-party tracking technologies. We also reviewed the AHA Lawsuit and its impact for the use of tracking technologies. In this blog post, we...more
Covered entities (CEs) and business associates (BAs) may receive a “discount” for having recognized security practices (RSPs) in place when the HHS Office for Civil Rights (OCR) calculates financial penalties for Security...more
On October 23-24, 2024, the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) and the National Institute of Standards and Technology (NIST) Information Technology Laboratory hosted the Safeguarding...more
A business associate agreement (BAA) is a written contract between a covered entity (CE) and a business associate (BA) that—among other requirements—(1) establishes the permitted and required uses and disclosures of protected...more
The HHS Office for Civil Rights (OCR) has abandoned its appeal of a federal judge’s ruling overturning OCR’s guidance prohibiting covered entities (CEs) and business associates (BAs) from using the web-tracking technologies...more
For most healthcare providers and businesses, signing a Business Associate Agreement (BAA) is a standard practice. When contracting to provide services with an entity governed by the Health Insurance Portability and...more
On June 20, 2024, a Texas federal judge ruled that guidance published by the Department of Health and Human Services (the Department) prohibiting covered entities from disclosing information collected by third-party...more
On June 20, 2024, the Northern District of Texas issued its final order in American Hospital Association, et al. v. Becerra, et al. (AHA), granting the plaintiffs’ (the American Hospital Association, two Texas health systems...more
Last week, a federal district court in Texas issued a decision declaring unlawful and vacating a central component of a guidance document (the Bulletin) from the Department of Health and Human Services (HHS) Office for Civil...more
A recent federal court decision is a victory for Health Insurance Portability and Accountability Act (HIPAA) covered entities using third-party tracking tools on unauthenticated webpages. These are websites available to the...more
On June 20, 2024, a federal court vacated key portions of regulatory guidance on the treatment of information collected by online tracking tools. At issue was the U.S. Department of Health and Human Services Office for Civil...more
On April 26, 2024, almost a year after issuing a notice of proposed rulemaking to modify the Privacy Rule, the US Department of Health and Human Services (HHS) Office for Civil Rights (OCR) finalized the HIPAA Privacy Rule to...more
After months of uncertainty and multiple letters from industry associations advocating on behalf of the healthcare industry with the U.S. Department of Health and Human Service (HHS) Office for Civil Rights (OCR), covered...more
On March 18, 2024, the Office of Civil Rights (“OCR”) within the Department of Health and Human Services (“HHS”) updated prior guidance concerning the use of online tracking technologies, including cookies, by Covered...more
The Department of Health and Human Services’ (“HHS”) Office for Civil Rights recently published a final rule (the “Final Rule“) which provides additional privacy protections related to the use and disclosure of reproductive...more
The Supreme Court’s 2022 decision in Dobbs v. Jackson Women’s Health Organization to eliminate the federal constitutional right to abortion continues to alter the legal landscape across the country. On April 26, 2024, the...more
On April 26, 2024, the Office of Civil Rights (OCR) at the U.S. Department of Health & Human Services (“HHS”) issued a Final Rule amending the HIPAA Privacy Rule to protect the ability of individuals to receive reproductive...more