From OCR to AI The Future of Media and Image Analysis in eDiscovery
HHS Office for Civil Rights Director Melanie Fontes Rainer on Progress and News at OCR
ERISA Blog | Changes to the HIPAA Privacy Rules A Primer for Self-Insured Group Health Plans
Podcast - Data Privacy and Tracking Technology Compliance
Patient Data and Privacy
2022 DSIR Deeper Dive: OCR’s Right of Access Initiative
HIPAA Tips With Williams Mullen - Telehealth After the Pandemic
Relaxed HIPAA Restrictions For Providers Using Telehealth
Webinar: Investigating and Resolving Sexual Assaults on Campus
In the first five months of 2025, the U.S. Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) announced it had entered into ten Health Insurance Portability and Accountability Act (HIPAA) resolution...more
Covered entities (CEs) and business associates (BAs) may receive a “discount” for having recognized security practices (RSPs) in place when the HHS Office for Civil Rights (OCR) calculates financial penalties for Security...more
The HIPAA Privacy and Security Rules generally require covered entities (including most healthcare providers) to execute written agreements (“business associate agreements” or “BAAs”) with their business associates before...more
Report on Patient Privacy 22, no. 5 (May, 2022) - Compared to other agencies, the HHS Office for Civil Rights (OCR) is a little fish in the big federal pond, but it has an outsize effect on HIPAA covered entities (CEs) and...more
Report on Patient Privacy 22, no. 4 (April, 2022) - By many measures, David Northcutt’s unsuccessful 2018 bid for the Alabama senate was a costly one. Northcutt, a dentist, loaned his campaign $73,000 throughout the...more
Issue a final rule revising the privacy regulation and write guidance on the information blocking rule. Formalize the fledgling audit program required by Congress more than 10 years ago. Engage with providers and other...more
Report on Patient Privacy 21, no. 2 (February 2021) - Unless an extension is granted or the notice of proposed rulemaking (NPRM) is withdrawn, covered entities (CEs) and business associates (BAs) have until late March to...more
Given the choice between credit card data and digital health records, cybercriminals prefer the latter. A stolen credit card can be canceled. Electronic protected health information (ePHI) with its treasure-trove of...more