The 2026 White Collar Year in Preview ebook provides a comprehensive analysis of anticipated enforcement trends and legal developments across key areas of white collar law. As the federal government continues to advance its...more
4/9/2026
/ Anti-Corruption ,
CFTC ,
Congressional Investigations & Hearings ,
Corporate Counsel ,
Corporate Misconduct ,
Corruption ,
Criminal Prosecution ,
Department of Justice (DOJ) ,
Enforcement Actions ,
Enforcement Priorities ,
False Claims Act (FCA) ,
Federal Contractors ,
Foreign Corrupt Practices Act (FCPA) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare Fraud ,
International Trade ,
PCAOB ,
Regulatory Requirements ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
Settlement ,
Trump Administration ,
Whistleblowers ,
White Collar Crimes
On March 5, 2026, Colin Zick presented to the MassRobotics Healthcare Catalyst Program on the topic, "Robotics and Health Information: Navigating Clinical Deployments in Light of Current Trends in Health Information Privacy...more
3/5/2026
/ AI Act ,
Artificial Intelligence ,
Biometric Information ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Electronic Protected Health Information (ePHI) ,
Encryption ,
General Data Protection Regulation (GDPR) ,
Health Care Providers ,
Health Information Technologies ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Health Technology ,
Healthcare ,
Medical Devices ,
Privacy-By-Design ,
Robotics ,
Robots
Key Takeaways - The Supreme Court’s agreeing to hear the appeal in Salazar v. Paramount Global will affect how your business can use website tracking tools: A broad interpretation of who is a “consumer” could create new...more
2/18/2026
/ Appellate Courts ,
Class Action ,
Consumer Privacy Rights ,
Cookies ,
Data Collection ,
Data Privacy ,
Data Protection ,
Personal Data ,
SCOTUS ,
Statutory Interpretation ,
Video Privacy Protection Act ,
Web Tracking ,
Websites
February 16, 2026 marks a significant milestone for substance use disorder (SUD) treatment providers across the country. The HHS Office for Civil Rights (OCR) has announced that, effective on February 16, 2026, it will begin...more
2/18/2026
/ Confidentiality Agreements ,
Data Privacy ,
Department of Health and Human Services (HHS) ,
Enforcement Actions ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Medical Records ,
OCR ,
Patient Privacy Rights ,
Regulatory Requirements ,
Reporting Requirements ,
Substance Abuse
The healthcare ecosystem has closed the book on a volatile 2025, and HIPAA enforcement has moved into 2026 with sharper edges, wider apertures, and higher stakes. Regulators spent 2025 refining the tools they use, broadening...more
2/10/2026
/ Artificial Intelligence ,
Business Associates ,
Cybersecurity ,
Data Privacy ,
Data Security ,
Digital Health ,
Enforcement Actions ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach Notification Rule ,
HIPAA Privacy Rule ,
HIPAA Security Rule ,
OCR ,
Patient Privacy Rights ,
Ransomware ,
Risk Management ,
Third-Party Service Provider
The January 2026 OCR Cybersecurity Newsletter is the U.S. Department of Health and Human Services Office for Civil Rights’ latest installment in its periodic series translating HIPAA Security Rule expectations into practical,...more
1/13/2026
/ Business Associates ,
Covered Entities ,
Cybersecurity ,
Data Protection ,
Electronic Protected Health Information (ePHI) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HIPAA Security Rule ,
OCR ,
Patient Privacy Rights ,
Regulatory Requirements ,
Risk Management
The Louvre is synonymous with cultural excellence. That’s what makes the recent heist of crown jewels—and the subsequent state audit—so jarring. This wasn’t a Hollywood caper. It was a case study in how predictable,...more
42 CFR Part 2: What Changed, Why It Matters, and What to Do Now - On November, 7, 2025, I spoke to the Massachusetts Health Information Management Association about the federal government’s sweeping updates to 42 CFR Part...more
11/10/2025
/ Consent ,
Data Privacy ,
Disclosure Requirements ,
Final Rules ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HIPAA Breach Notification Rule ,
HIPAA Privacy Rule ,
Patient Privacy Rights ,
Regulatory Requirements
BEST PRACTICES FOR USING AI NOTETAKERS IN SENSITIVE MEETINGS -
AI notetakers are rapidly becoming staples of corporate meetings—bringing efficiency alongside new questions about confidentiality and compliance. This tip...more
10/2/2025
/ Artificial Intelligence ,
Attorney-Client Privilege ,
Confidential Communications ,
Confidentiality Policies ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Retention ,
Data Security ,
Legal Technology ,
Privacy Concerns ,
Risk Management
Anyone who has wrestled with the HIPAA Security Rule’s risk‐analysis requirement knows that the government’s free Security Risk Assessment (“SRA”) Tool can be a practical starting point—particularly for resource-constrained...more
9/12/2025
/ Business Associates ,
Covered Entities ,
Cybersecurity ,
Data Privacy ,
Data Security ,
Encryption ,
Health Insurance Portability and Accountability Act (HIPAA) ,
NIST ,
OCR ,
PHI ,
Risk Assessment
The Federal Trade Commission has once again reminded the mobile ecosystem that compliance obligations under the Children’s Online Privacy Protection Act (“COPPA”) do not stop at an app developer’s door. In a recent...more
On August 7, 2025, Massachusetts Governor Maura Healey signed into law an Act Strengthening Healthcare Protections in the Commonwealth (the “Act”), which amends the state’s existing “Shield Law” protections for providers of...more
After Foley Hoag’s prior updates regarding the chapter 11 bankruptcy cases of 23andMe Holding Co and its affiliated debtors (collectively, “23andMe”), the United States Bankruptcy Court for the Eastern District of Missouri...more
Pursuant to a newly effective U.S. Department of Justice (DOJ) regulation, the transfer and storage of certain sensitive U.S. government and personal data may be prohibited or restricted, depending on the intended recipient,...more
6/11/2025
/ Data Privacy ,
Data Security ,
Department of Justice (DOJ) ,
Enforcement Actions ,
Executive Orders ,
Financial Services Industry ,
Life Sciences ,
National Security ,
New Regulations ,
Personal Data ,
Privacy Laws ,
Regulatory Requirements ,
Risk Management
In a March 31, 2025 letter, the Chair of the FTC, Andrew Ferguson, wrote to the Acting U.S. Bankruptcy Trustee and set out the FTC’s expectations for the protection of consumer information held by 23andMe.
As we noted...more
The chapter 11 bankruptcy cases of 23andMe Holding Co. and its affiliated debtors (collectively, “23andMe”), the company that provides direct-to-consumer genetic testing and ancestry services, has prompted a wave of panicked...more
3/28/2025
/ 23andMe ,
Bankruptcy Code ,
California Consumer Privacy Act (CCPA) ,
Chapter 11 ,
Consumer Privacy Rights ,
Data Privacy ,
Data Protection ,
Federal Trade Commission (FTC) ,
Genetic Testing ,
Privacy Laws ,
Privacy Policy
On March 21, 2025, the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) announced a settlement of HIPAA security rule claims involving Health Fitness Corporation (Health Fitness). Health Fitness...more
The Federal Trade Commission's first update in over a decade to its rules under the Children’s Online Privacy Protection Act (“COPPA”) did not bring the dramatic updates that some privacy advocates had requested. Instead, the...more
1/23/2025
/ Biometric Information ,
Consent ,
Consumer Privacy Rights ,
COPPA ,
Data Privacy ,
Data Retention ,
Federal Trade Commission (FTC) ,
Legislative Agendas ,
Online Safety for Children ,
Personal Information ,
Privacy Laws ,
Regulatory Agenda
Overall, the Report recognized the complex interplay between AI advancement and privacy/security concerns, advocating for a balanced approach that promotes innovation while protecting individual rights and national interests....more
The Department of Health and Human Services (HHS) has proposed significant modifications to the HIPAA Security Rule and the HITECH Act in an attempt to strengthen cybersecurity protections for electronic protected health...more
12/30/2024
/ Business Associates ,
Comment Period ,
Covered Entities ,
Cybersecurity ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Security Rule ,
HITECH Act ,
NPRM ,
OCR ,
Popular ,
Privacy Laws ,
Proposed Rules ,
Regulatory Requirements ,
Rulemaking Process
As the holiday season is upon us, businesses must remain vigilant against the increased threat of cybersecurity hacks and scams. Cybercriminals often exploit the festive atmosphere and increased online activity to target...more
As healthcare technology continues to evolve, so does the need for robust compliance strategies to safeguard patient information and ensure the integrity of medical devices. In a joint September 19, 2024 presentation, the...more
9/20/2024
/ Artificial Intelligence ,
Cyber Crimes ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Breach ,
Data Security ,
Electronic Protected Health Information (ePHI) ,
Employee Training ,
Health Technology ,
Healthcare ,
Medical Devices ,
PHI ,
Popular ,
Risk Assessment
The Massachusetts Attorney General’s Office (AGO) issued an announcement last week to inform consumers who may have had their personal information breached in Change Healthcare’s cyberattack this past February. The AGO was...more
AT&T Inc. announced in a July 12, 2024, SEC filing that hackers stole a cache of six months’ worth of mobile phone customer data, illegally downloading the records from a workspace account at the cloud-service provider...more
State Attorneys General play a significant role in shaping health care policy across the country. While the national debates over health care policy in Congress and the federal government receive significant media attention,...more