Taking the Pulse, A Health Care and Life Sciences Video Podcast | Episode 243: HIPAA Compliance and Potential Changes with Shannon Lipham of Maynard Nexsen
The Trend of Threatening Physicians for Personal Gain
Navigating Legal Strategies for Covering GLP-1s in Self-Insured Medical Plans — Employee Benefits and Executive Compensation Podcast
Podcast: Addressing Patient Complaints About Privacy Violations
Podcast - What Healthcare Providers Should Be Telling Students and Interns About HIPAA and Snooping
Top Healthcare Compliance Priorities for 2025
Podcast - Who Owns Your DNA? Lessons Learned from 23andMe
Building a Solid HR Foundation in Healthcare Practices
New Developments in Health Information Policy
New HIPAA Final Rule: Key Changes to Reproductive Health Care Privacy - Thought Leaders in Health Law®
Healthcare Document Retention
Taking the Pulse, A Health Care and Life Sciences Video Podcast | Episode 192: Business Issues for Healthcare with Ira Bedenbaugh and Randi Branham of Elliott Davis
Business Better Podcast Episode: Cyber Adviser – Your Data, My Headache: Consumer Health Data Laws
Conducting Healthcare Compliance Investigations
The FTC's Health Privacy Enforcement Actions
Web-based Tracking Technology and AI: HIPAA Compliance Issues for Health Care Practices
Podcast: Discussing the Implications of Healthcare Privacy Violations
Podcast: Keeping an Eye on HIPAA Trends with Shannon Hartsfield
Podcast - Artificial Intelligence in Healthcare and How to Comply with HIPAA & State Privacy Laws
Meeting Cancer Reporting Requirements
In June 2025, California Attorney General Rob Bonta filed a proposed settlement with Healthline, a health information website, for its handling of personal information under the California Consumer Privacy Act (CCPA)....more
On Wednesday, July 9, 2025, the United States Department of Justice (“DOJ”) issued more than 20 subpoenas to physicians and clinics (the “Providers”) who provide gender-affirming care to transgender youth. According to the...more
20 Democratic AGs sued HHS and DHS for allegedly sharing personal health data with ICE. The complaint alleges that the Centers for Medicare & Medicaid Services—a division of HHS—transferred millions of individuals’ Medicaid...more
On June 18, 2025, the United States District Court for the Northern District of Texas vacated most of the rules designed to enhance reproductive healthcare privacy promulgated by the U.S. Department of Health and Human...more
The U.S. District Court for the Northern District of Texas vacated key portions of the 2024 updates to the HIPAA Privacy Rule that had strengthened protections for reproductive health care information. HIPAA-regulated...more
On June 18, 2025, U.S. District Judge Matthew Kacsmaryk of the Northern District of Texas (the “District Court”) vacated a 2024 final rule issued by the U.S. Department of Health and Human Services (“HHS”) under the Biden...more
We are in an era where smartphones track sleep patterns, fitness apps monitor heart rates, and online searches reveal sensitive medical inquiries. As a result, the notion of “health data” has expanded dramatically. This...more
Last year, the federal Office for Civil Rights (OCR) modified the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule to strengthen protections for reproductive health care information (the “2024 Rule”)....more
Welcome to your monthly rundown of all things cyber, privacy, and technology, where we highlight all the happenings you may have missed. State Action: Virginia Governor Signs Bill Restricting Minor’s Use of Social Media:...more
In October, the HHS Office for Civil Rights (OCR) fined Providence Medical Institute (PMI) $240,000, an amount that reflected a 20% discount for having “recognized security practices” (RSPs) in place. But many more covered...more
Recent changes in federal immigration enforcement practices have prompted renewed attention to how healthcare providers manage requests from law enforcement agencies. While federal policy continues to recognize healthcare...more
On March 21, 2025, the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) announced a settlement of HIPAA security rule claims involving Health Fitness Corporation (Health Fitness). Health Fitness...more
A HIPAA compliance assessment is an evaluation of an organization's practices, policies, and procedures to ensure that they align with requirements from the Health Insurance Portability and Accountability Act (“HIPAA”). It...more
Nearly six years to the day that Warby Parker reported a breach affecting nearly 200,000 individuals, the HHS Office for Civil Rights (OCR) imposed a $1.5 million fine on the eyewear giant. Investigated by OCR under the Biden...more
The saga that led Children’s Hospital Colorado to accept a fine of more than $500,000 imposed by the HHS Office for Civil Rights (OCR) began on July 11, 2017, when a physician’s email account containing details on 3,300...more
We are less than a month into the new Trump administration and are seeing an unprecedented wave of activity and major changes at federal agencies. These changes promise to bring significant disruption to the staff and...more
DTC Telehealth Platforms - Arrangements involving telemedicine and direct-to-consumer (“DTC”) business services are expected to be a source of major regulatory scrutiny. In 2024, such arrangements were the focus of proposed...more
Recent federal enforcement actions have brought home the lesson that there’s really no acceptable reason for denying a patient timely access to medical records. Last year, for example, the HHS Office for Civil Rights (OCR)...more
Cyber, Privacy, and Technology Report - Welcome to your monthly rundown of all things cyber, privacy, and technology, where we highlight all the happenings you may have missed....more
The NJ Data Privacy Act takes effect tomorrow. The New Jersey Data Privacy Act is set to take effect tomorrow, January 15. The NJDPA was signed into law by Gov. Phil Murphy (D) on January 16, 2024. The NJDPA is similar to...more
In addition to holiday celebrations, the month of December typically ushers in a final round of enforcement actions by the U.S. Department of Health and Human Services' (HHS) Office of Civil Rights (OCR), and 2024 is no...more
Covered entities (CEs) and business associates (BAs) may receive a “discount” for having recognized security practices (RSPs) in place when the HHS Office for Civil Rights (OCR) calculates financial penalties for Security...more
While many healthcare providers are generally aware of their obligations under HIPAA, most do not have a clear sense of what happens if they fail to meet these obligations. At best, most probably are familiar with headlines...more
On February 14, the US Department of Health and Human Services (HHS) Office for Civil Rights (OCR) issued its annual reports to Congress detailing its actions to enforce the privacy, security, and breach notification...more
Last month, the Federal Trade Commission (“FTC”) hosted its annual PrivacyCon event, featuring an array of experts discussing the latest in privacy and data security research. This post, covering healthcare privacy issues, is...more