Amy Leopard on Data Privacy

Top 10 takeaways from the new HIPAA security rule NPRM

On Jan. 6, 2025, the U.S. Department of Health and Human Services (HHS) proposed new regulations to enhance cybersecurity protections for electronic protected health information (ePHI) under the Health Insurance Portability...more

3/20/2025 / Business Associates , Comment Period , Cybersecurity , Data Privacy , Data Protection , Data Security , Department of Health and Human Services (HHS) , Electronic Protected Health Information (ePHI) , Health Insurance Portability and Accountability Act (HIPAA) , HIPAA Security Rule , Incident Response Plans , Notice of Proposed Rulemaking (NOPR) , NPRM , Proposed Regulation , Regulatory Agenda , Regulatory Oversight , Regulatory Requirements , Risk Assessment , Technology Sector

AI Meets HIPAA Security: Understanding HHS’s Risk Strategies and Proposed Changes

In this final blog post in the Bradley series on the HIPAA Security Rule notice of proposed rulemaking (NPRM), we examine how the U.S. Department of Health and Human Services (HHS) Office for Civil Rights interprets the...more

3/6/2025 / Artificial Intelligence , Business Associates , Cybersecurity , Data Privacy , Data Security , Department of Health and Human Services (HHS) , Health Care Providers , Health Insurance Portability and Accountability Act (HIPAA) , PHI , Risk Management

The Why Behind the HHS Proposed Security Rule Updates

In this week’s installment of our blog series on the U.S. Department of Health and Human Services’ (HHS) HIPAA Security Rule updates in its January 6 Notice of Proposed Rulemaking (NPRM), we are exploring the justifications...more

2/27/2025 / Cybersecurity , Data Privacy , Data Protection , Data Security , Department of Health and Human Services (HHS) , Health Insurance Portability and Accountability Act (HIPAA) , HIPAA Security Rule , Risk Management , Vulnerability Assessments

Introducing Bradley’s Series on HHS’s Proposed HIPAA Security Rule Updates

Bradley is launching a multipart blog series on the U.S. Department of Health and Human Services’ (HHS) proposed changes to strengthen cybersecurity protections for electronic protected health information (ePHI) regulated...more

1/16/2025 / Compliance , Cybersecurity , Data Privacy , Data Security , Department of Health and Human Services (HHS) , Electronic Protected Health Information (ePHI) , Employer Group Health Plans , Health Insurance Portability and Accountability Act (HIPAA) , HIPAA Security Rule , Notice of Proposed Rulemaking (NOPR) , NPRM , OCR , Risk Management

Privacy Crisis: Does Personal Privacy Matter During a Pandemic?

This is the first alert in a series of Bradley installments on privacy issues that may arise during the current COVID-19 pandemic. This first installment focuses on disclosure of personally identifiable health information...more

3/22/2020 / Coronavirus/COVID-19 , Data Privacy , Electronic Protected Health Information (ePHI) , Government Agencies , Health Insurance Portability and Accountability Act (HIPAA) , Infectious Diseases , Patient Privacy Rights , Personally Identifiable Information , Privacy Laws , Public Health Emergency

HHS Proposes Revisions to Part 2 Regulations Governing Confidentiality of Substance Use Disorder Records - Healthcare Alert

On August 26, 2019, the Substance Abuse and Mental Health Services Administration, part of the U.S. Department of Health and Human Services (HHS), published its much-anticipated notice of proposed rulemaking to revise 42...more

8/28/2019 / Comment Period , Confidential Information , Consent , Data Privacy , Department of Health and Human Services (HHS) , Disclosure Requirements , Drug Treatment , Health Care Providers , Health Insurance Portability and Accountability Act (HIPAA) , Medical Records , Notice of Proposed Rulemaking (NOPR) , Opioid , Patient Privacy Rights , Prescription Drugs , Proposed Rules , Public Comment , Substance Abuse

OCR Breach Reporting: 2018 “Small Breach” Report Due Friday, March 1st - Healthcare Alert

Don’t forget that the required end-of-the-year reporting of any small breaches of unsecured protected health information (PHI) that were discovered in 2018 is coming up. Under the Health Insurance Portability and...more

2/13/2019 / Cybersecurity , Data Breach , Data Privacy , Data Protection , Data Security , Filing Deadlines , Health Care Providers , Health Insurance Portability and Accountability Act (HIPAA) , OCR , PHI , Reporting Requirements

Largest U.S. Health Data Breach To Date Results in $16 Million HIPAA Settlement - Healthcare Alert

On October 15, 2018, the U.S. Department of Health and Human Services, Office for Civil Rights (OCR) announced that Anthem, Inc. will pay $16 million to settle OCR’s investigation of its potential violations of the Health...more

10/24/2018 / Anthem Insurance , Corrective Actions , Cyber Attacks , Data Breach , Data Privacy , Data Protection , Data Security , Electronic Protected Health Information (ePHI) , Hackers , Health Care Providers , Health Insurance , Health Insurance Portability and Accountability Act (HIPAA) , OCR , Personally Identifiable Information , Phishing Scams , Settlement

Summary Judgment: Recent HIPAA Case Emphasizes Encryption, Action on Risk Analysis - AHLA Health Information and Technology...

On June 18, 2018, the U.S. Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) announced that an HHS Administrative Law Judge (“ALJ”) granted summary judgment to OCR in an enforcement action...more

Amy Leopard

Bradley Arant Boult Cummings LLP

Popular Topics by This Author

Latest Posts › Data Privacy