On Jan. 6, 2025, the U.S. Department of Health and Human Services (HHS) proposed new regulations to enhance cybersecurity protections for electronic protected health information (ePHI) under the Health Insurance Portability...more
3/20/2025
/ Business Associates ,
Comment Period ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Security Rule ,
Incident Response Plans ,
Notice of Proposed Rulemaking (NOPR) ,
NPRM ,
Proposed Regulation ,
Regulatory Agenda ,
Regulatory Oversight ,
Regulatory Requirements ,
Risk Assessment ,
Technology Sector
In this final blog post in the Bradley series on the HIPAA Security Rule notice of proposed rulemaking (NPRM), we examine how the U.S. Department of Health and Human Services (HHS) Office for Civil Rights interprets the...more
In this week’s installment of our blog series on the U.S. Department of Health and Human Services’ (HHS) HIPAA Security Rule updates in its January 6 Notice of Proposed Rulemaking (NPRM), we are exploring the justifications...more
Bradley has launched a multipart blog series on the U.S. Department of Health and Human Services’ (HHS) proposed changes to the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule, beginning last...more
Bradley is launching a multipart blog series on the U.S. Department of Health and Human Services’ (HHS) proposed changes to strengthen cybersecurity protections for electronic protected health information (ePHI) regulated...more
1/16/2025
/ Compliance ,
Cybersecurity ,
Data Privacy ,
Data Security ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Employer Group Health Plans ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Security Rule ,
Notice of Proposed Rulemaking (NOPR) ,
NPRM ,
OCR ,
Risk Management
The Department of Health & Human Services (HHS) released a concept paper outlining its strategy for improving cybersecurity infrastructure within the healthcare sector. The paper calls for proposing healthcare-specific...more
Effective July 1, 2023, a new Florida law will limit certain health care providers from storing patient information offshore. CS/CS/SB 264 (Chapter 2023-33, Laws of Florida), amends the Florida Electronic Health Records...more
5/17/2023
/ Data Collection ,
Data Protection ,
Department of Health and Human Services (HHS) ,
Digital Health ,
Electronic Medical Records ,
Electronic Protected Health Information (ePHI) ,
Florida ,
Health Care Providers ,
Legislative Agendas ,
New Legislation ,
Patients ,
Personal Data ,
State and Local Government
Two years ago, the U.S. Department of Health and Human Services (HHS) Office of the National Coordinator (ONC) issued regulations under the 21st Century Cures Act advancing the interoperability of electronic health...more
The U.S. Department of Health and Human Services (HHS) Office of the National Coordinator for Health Information Technology (ONC) released an interim final rule on October 29, 2020, delaying the implementation of the...more
11/2/2020
/ 21st Century Cures Act ,
Centers for Medicare & Medicaid Services (CMS) ,
Civil Monetary Penalty ,
Compliance ,
Coronavirus/COVID-19 ,
Department of Health and Human Services (HHS) ,
Health Care Providers ,
HIPAA Privacy Rule ,
Information Blocking Rules ,
Interim Final Rules (IFR) ,
NIST ,
OIG ,
ONC
On July 15, 2020, the Substance Abuse and Mental Health Services Administration (SAMHSA), a branch of the U.S. Department of Health and Human Services (HHS), published its much-anticipated final rule to revise 42 C.F.R. Part...more
7/23/2020
/ CARES Act ,
Confidential Information ,
Consent ,
Department of Health and Human Services (HHS) ,
Final Rules ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Mental Health ,
New Regulations ,
Patient Privacy Rights ,
SAMHSA ,
Substance Abuse
The U.S. Department of Health and Human Services (HHS) issued companion regulations advancing the interoperability of and patient access to electronic health information under the 21st Century Cures Act that will take effect...more
On August 26, 2019, the Substance Abuse and Mental Health Services Administration, part of the U.S. Department of Health and Human Services (HHS), published its much-anticipated notice of proposed rulemaking to revise 42...more
8/28/2019
/ Comment Period ,
Confidential Information ,
Consent ,
Data Privacy ,
Department of Health and Human Services (HHS) ,
Disclosure Requirements ,
Drug Treatment ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Medical Records ,
Notice of Proposed Rulemaking (NOPR) ,
Opioid ,
Patient Privacy Rights ,
Prescription Drugs ,
Proposed Rules ,
Public Comment ,
Substance Abuse
On June 18, 2018, the U.S. Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) announced that an HHS Administrative Law Judge (“ALJ”) granted summary judgment to OCR in an enforcement action...more
8/2/2018
/ Administrative Hearings ,
Administrative Law Judge (ALJ) ,
AHLA ,
Civil Monetary Penalty ,
Confidential Information ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Department of Health and Human Services (HHS) ,
Disclosure Requirements ,
Electronic Protected Health Information (ePHI) ,
Encryption ,
Enforcement Actions ,
Health Information Technologies ,
Health Insurance Portability and Accountability Act (HIPAA) ,
OCR ,
Patient Privacy Rights ,
Risk Assessment ,
Summary Judgment
Last month, the U.S. Department of Health and Human Services, Office for Civil Rights (OCR) announced the largest settlement to date for alleged violations of the Health Insurance Portability and Accountability Act (HIPAA)....more
9/21/2016
/ Breach Notification Rule ,
Business Associates ,
Covered Entities ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Enforcement Actions ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
OCR ,
Risk Management ,
Settlement Agreements
How should health care companies strengthen their HIPAA compliance programs to manage the risk of a potential FTC investigation?
While the U.S. Department of Health and Human Services (HHS) Office for Civil Rights...more
On December 5, 2013, the Office of Inspector General (OIG) reported on the Office for Civil Rights’ (OCR) compliance as of May 2011 with oversight and enforcement of the Security Rule and compliance with federal cybersecurity...more
1/10/2014
/ Centers for Medicare & Medicaid Services (CMS) ,
Compliance ,
Confidential Information ,
Cybersecurity ,
Department of Health and Human Services (HHS) ,
Electronic Medical Records ,
Health Information Technologies ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HITECH Act ,
NIST ,
OCR ,
OIG ,
Patient Privacy Rights ,
Personally Identifiable Information ,
Right to Privacy ,
Security Audits ,
Security Rule
On December 27, 2013, the U.S. Department of Health and Human Services’ (HHS) Office of Inspector General (OIG) and the Centers for Medicare & Medicaid Services (CMS) issued final rules revising the Stark exception (42 CFR...more