New HIPAA Final Rule: Key Changes to Reproductive Health Care Privacy - Thought Leaders in Health Law®
Health Tech Podcast - Episode 3: HIPAA, HITECH and TCPA
The Biggest Changes in HIPAA/HITECH Omnibus Rule & Recommended Action Steps—Ted Kobus
The U.S. Department of Health and Human Services (HHS) on Aug. 27, 2025, published a Statement of Delegation of Authority (Statement) in the Federal Register. HHS Secretary Robert F. Kennedy Jr. delegated authority to the HHS...more
We are pleased to present our annual End of Year Plan Sponsor “To Do” Lists. This year, we present our “To Do” Lists in four separate SW Benefits Updates. This Part 1 covers year-end health and welfare plan issues. Parts 2,...more
As U.S. states continue to pass data privacy legislation, Maryland has gone above and beyond in signing both the Maryland Online Data Privacy Act of 2024 (MODPA) and the Maryland Age Appropriate Design Code (HB 603/SB...more
On November 28, 2022, the U.S. Department of Health and Human Services (“HHS”) proposed sweeping changes to the rules that govern use and disclosure of protected health information (“PHI”) about patients receiving substance...more
A strong cybersecurity program can help defend against cyber attacks and protect sensitive patient data. Thanks to a 2021 amendment of the HITECH Act, when a breach occurs, it can also reduce enforcement penalties. The...more
On January 14, 2021, the U.S. Court of Appeals for the Fifth Circuit vacated the civil monetary penalty (CMP) imposed by the Department of Health and Human Services (HHS) against the University of Texas M.D. Anderson Cancer...more
On December 19, the Senate passed H.R.7898, which the House of Representatives had previously passed on December 9. This law amends the Health Information Technology for Economic and Clinical Health (HITECH) Act to require...more
This week, the Office for Civil Rights (“OCR”) announced a $3,000,000 HIPAA settlement arising from a medical center’s loss of an unencrypted laptop and flash drive. This is simply the latest of many HIPAA settlements based...more
The Department of Health and Human Services Office for Civil Rights (OCR) today announced that it is lowering the maximum total penalties it may assess against covered entities and business associates for multiple violations...more
In a dramatic turn, the US Department of Health and Human Services (HHS) has announced that effective immediately, penalties for many HIPAA violations will be subject to substantially reduced limits. ...more
Groundbreaking. Watershed. Unprecedented. - We have heard the California Consumer Privacy Act of 2018 (CCPA) called all these things and more since its enactment on June 28, ?2018. Our experience to date has confirmed the...more
Idaho State University (ISU) was recently the target of an investigation and enforcement action for violations of the privacy and security rules of the Health Insurance Portability and Accountability Act (HIPAA)....more
A recently issued government rule may unknowingly create significant liability and legal risk for many technology enterprises. The expanded definition of "business associates" and related interpretations by the Department of...more
On January 25, 2013, the Office of Civil Rights (OCR) of the Department of Health & Human Services (HHS) published the long-awaited omnibus final regulation governing health data privacy, security and enforcement (Omnibus...more
Changes to the HIPAA Enforcement Rule - Background: On October 30, 2009, HHS issued an interim final rule revising the Enforcement Rule to incorporate provisions of the HITECH Act. The NPRM then proposed a number of...more
The Health Insurance Portability and Accountability Act/Health Information Technology for Economic and Clinical Health Act Omnibus Rule, published in the Federal Register Jan. 25, makes many changes to the HIPAA Privacy Rule,...more
The U.S. Department of Health and Human Services, Office for Civil Rights (OCR) published today the final regulations for the HIPAA Privacy, Security, Enforcement and Breach Notification Rules (the Omnibus Rules). The Omnibus...more
The U.S. Department of Health and Human Services (HHS) issued final regulations last week that modify many aspects of the privacy and security rules under the Health Insurance Portability and Accountability Act (HIPAA) and...more
As we pore through the 562-page HITECH Omnibus Rule released by the Department of Health and Services late yesterday afternoon, here are some top line bullet points...more
The long awaited HIPAA/HITECH Final Rule is out. The final rule is effective March 26, 2013, but covered entities (CEs) and business associates (BAs) will have 180 days beyond the effective date to come into compliance....more
If your business is affected by HIPAA, 2013 will be a year of significant change. ...more
In its first enforcement action against a state agency, the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) settled last month with Alaska’s Department of Health and Social Services (DHSS) for...more