Compliance Tip of the Day: Rethinking Corporate AI Governance Through Design Intelligence
Compliance Tip of the Day: COSO Governance Framework: Part 4, Culture
Compliance Tip of the Day: COSO Governance Framework: Part 1, Introduction
Compliance Tip of the Day: Internal Control Deficiencies
FCPA Compliance Report: Stay the Course: Ellen Lafferty on Navigating Anti-Corruption Compliance in 2025
Adventures in Compliance: The Novels – The Hound of the Baskervilles, Introduction and Compliance Lessons Learned
Compliance Tip of the Day: Assessing Internal Controls
Key Discovery Points: BYOD Case Law Covering Subpoenas and Employee Handbooks
Compliance Tip of the Day: COSO Objective 5 – Monitoring Activities
Compliance Tip of the Day: COSO Objective 4 - Control Information and Communication
Hospice Insights Podcast - Election Inspection: Be Proactive to Avoid Costly Election Statement Denials
Compliance Tip of the Day: COSO Objective 3 – Control Activities
Compliance Tip of the Day – COSO Objective 1 – Control Environment
Compliance Tip of the Day: Code of Conduct as an Internal Control
Rethinking Records Retention
Compliance Tip of the Day: Internal Controls for GTE
FCPA Compliance Report: Revolutionizing Speak Up: Ariel D. Weindling on Enhancing Whistleblower Systems
Compliance Tip of the Day: Implementing Internal Controls
Podcast: Addressing Patient Complaints About Privacy Violations
Compliance Amidst a Global Consensus Breakdown
Two settlements recently announced by the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) reinforce the agency’s emphasis on promoting thorough risk analysis to help prevent disclosure of...more
On June 4, 2025, the U.S. Department of Health and Human Services Office of Research Integrity (“ORI”) published a Sample Policies and Procedures for Addressing Allegations of Research Misconduct (“Sample Policy”) to align...more
When the current federal administration took office, it issued a memorandum requiring, among other things, that federal agencies delay the issuance of new or proposed rules to the Office of the Federal Register until further...more
On March 6, 2025, the U.S. Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) announced a civil money penalty (“CMP”) of $200,000 against Oregon Health & Science University (“OHSU”) for failing to...more
Many healthcare organizations understand the importance of having a Compliance Committee but some struggle to use their committee effectively. The key to ensuring the Compliance Committee is effective is building smart...more
Over the past few weeks, the Trump administration has introduced sweeping changes across the federal government that have impacted the federal grantee and contractor community. Adding to these changes, the National Institutes...more
On December 27, 2024, the Office for Civil Rights (OCR) at HHS issued a Notice of Proposed Rulemaking (the Proposed Rule) intended to update the Security Rule under the Health Insurance Portability and Accountability Act...more
Material updates to the HIPAA Security Rule could be on the way — affecting all HIPAA-regulated entities — for the first time in two decades. The Department of Health and Human Services (HHS) issued a Notice of Proposed...more
As the new year begins, change is afoot inside the Beltway as the 119th Congress gets underway and Washington prepares for President Trump’s second administration. While change is bringing uncertainty on some fronts, health...more
On May 11, 2023, the U.S. Department of Health and Human Services (HHS) issued a news release on behalf of HHS Secretary Xavier Becerra, announcing the end of the COVID-19 public health emergency (PHE). The duration of the...more
As the healthcare sector continues to be a top target for cyber criminals, the Office for Civil Rights (OCR) issued proposed updates to the HIPAA Security Rule (scheduled to be published in the Federal Register January 6). It...more
On October 2, 2024, New York adopted new regulations requiring general hospitals to implement heightened cybersecurity safeguards. General hospitals, as defined in Article 28 of the NY Public Health Law, generally must begin...more
Most presidents spend the first days of their administration reversing the policies of their opposite party predecessor and laying the groundwork for their own policies with a series of executive orders. President Trump is...more
As the summer winds down, regulatory updates related to digital health services certainly do not appear to be showing any signs of cooling off. It has been a busy summer, and below we have summarized several key updates for...more
There have been two important developments in the law applicable to the privacy and cybersecurity of group health plan participants’ health information. Plan sponsors must review plan policies and procedures, provider...more
Now that the HHS Office for Research Integrity (ORI) has published its final rule revising 2005 regulations governing misconduct, compliance officials could be engaging in three activities simultaneously: checking to see if...more
Sheila Garrity, director of the HHS Office of Research Integrity (ORI), recently spoke to RRC about the agency‘s new rule revising research misconduct regulations, which has a compliance date of Jan. 1, 2026 (see related...more
On September 12, 2024, the U.S. Department of Health and Human Services (“HHS”), through the Office of Research Integrity (“ORI”) issued its Final Rule, the long-anticipated update to the 2005 Public Health Service Policies...more
On April 26, 2024, the Department of Health and Human Services (HHS) published the final HIPAA Privacy Rule to Support Reproductive Health Care Privacy (Final Rule). The Final Rule became effective June 25, 2024....more
On August 13, 2024, the Centers for Medicare and Medicaid Services (CMS) and its Center for Clinical Standards and Quality / Quality, Safety & Oversight Group issued its memorandum QSO-24-17-EMTALA (the “Memorandum”),...more
On April 26, 2024, the U.S. Department of Health and Human Services (HHS) and Office for Civil Rights (OCR) published Final Regulations under HIPAA’s Privacy Rule introducing greater protections for information related to...more
Overlapping surgeries is a practice that has been used for many years by healthcare providers (such as hospitals and surgical centers). This practice generally refers to situations where one lead attending surgeon is...more
Earlier this year, federal agencies teamed up to issue two rules that will require healthcare providers to update certain policies related to the use and disclosure of health information and to update their Notice of Privacy...more
The Department of Health and Human Services issued a final rule amending the HIPAA privacy rules (“2024 Privacy Rule”). The 2024 Privacy Rule limits the use or disclosure of an individual’s PHI in connection with reproductive...more
On May 21, the Centers for Medicare and Medicaid Services (CMS) announced a new option on CMS.gov to allow individuals to more easily file an Emergency Medical Treatment and Labor Act (EMTALA) complaint. Before launching the...more