Updates to Statute 1557 that Healthcare Providers Need to Know
Privacy and Healthcare Business Associates with Isabella Porter
State Law Privacy Video Series | Healthcare Entities and Health Data
Gerry Blass on Healthcare Vendor Risk Management
AGG Talks: Technology - In the Balance: Interoperability and Security
Is Your Practice's Marketing HIPAA Compliant?
Relaxed HIPAA Restrictions For Providers Using Telehealth
Compliance Perspectives: Permissible Disclosures under HIPAA, Especially in the Time of COVID-19
Polsinelli Podcasts - Confusion to Clarity on the Future of the 340B Program
Polsinelli Podcast - HIPAA Changes Overview
Citing “escalating global conflict,” the New York Department of Financial Services issued an alert on Monday, June 22, 2025, to its regulated covered entities, urging them to be vigilant against potential security threats,...more
Last year, the federal Office for Civil Rights (OCR) modified the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule to strengthen protections for reproductive health care information (the “2024 Rule”)....more
The public comment period is now open for two Federal Communications Commission (FCC or Commission) proceedings proposing new rules related to foreign ownership of FCC authorization holders. Both proceedings are part of the...more
A federal judge in Texas just tossed out Biden-era reproductive healthcare privacy protections, halting a 2024 final rule with nationwide effect. The rule, which largely took effect in December and created new HIPAA privacy...more
In the wake of a recent federal District Court decision, the reproductive health care HIPAA Privacy rules finalized during the Biden Administration have been vacated and plan sponsors should re-evaluate the language included...more
On June 18, 2025, the U.S. District Court for the Northern District of Texas issued an opinion that vacates the 2024 final rule that enhanced privacy protections for protected health information (PHI) related to reproductive...more
A single incident that may have started as a personal vendetta or an extortion threat seven years ago has cost a Florida health care system $800,000, and comes on the heels of an unrelated breach suffered by a different...more
Health care organizations are under pressure to shore up their cybersecurity response efforts. Much of this pressure is coming from the US Department of Health and Human Services Office for Civil Rights (OCR), which has made...more
Montana recently revised its Genetic Information Privacy Act to address neural data. The law went into effect in 2023, and applies to both entities that offer genetic testing services as well as entities that use genetic...more
Find this week’s updates on 340B litigation to help you stay in the know on how 340B cases are developing across the country. Each week we comb through the dockets of more than 50 340B cases to provide you with a quick...more
In the first five months of 2025, the U.S. Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) announced it had entered into ten Health Insurance Portability and Accountability Act (HIPAA) resolution...more
New cybersecurity requirements just kicked in for thousands of financial firms operating in New York, and companies need to make sure they have taken action to comply. As of May 1, the latest amendments to the New York...more
Health Insurance Portability and Accountability Act (HIPAA)-covered entities and business associates should be familiar with restrictions on the use or disclosure of protected health information (PHI) under HIPAA rules....more
In October, the HHS Office for Civil Rights (OCR) fined Providence Medical Institute (PMI) $240,000, an amount that reflected a 20% discount for having “recognized security practices” (RSPs) in place. But many more covered...more
On May 1, 2025, additional enhanced cybersecurity controls required by the Second Amendment to the New York Department of Financial Services (NYDFS) Cybersecurity Regulation (23 NYCRR Part 500) (the “Second Amendment”) take...more
On April 11, 2025, the U.S. Department of Justice’s National Security Division (NSD) issued a Compliance Guide to provide additional information to assist companies and individuals in complying with the NSD’s Data Security...more
As part of a multiyear rollout, the New York Department of Financial Services (NYDFS) has established May 1, 2025, and November 1, 2025, as effective dates for certain amendments to its cybersecurity regulations. These...more
U.S. Department of Defense (DOD) contractors with foreign ownership, control, or influence (FOCI) soon will face new requirements. Though cleared DOD contractors have long been bound by FOCI obligations, the new rule will...more
Following the Office for Civil Rights (OCR) recent publication of four settlements as part of a new Risk Analysis Audit Initiative. We explore the current regulatory language for Risk Analysis, the proposed language for Risk...more
In November 2023, New York State's Department of Financial Services (NYDFS) amended its cybersecurity regulation, Part 500. This legal alert provides an update for Covered Entities and Class A Businesses on the current NYDFS...more
In November 2023, the New York Department of Financial Services (NYDFS) issued its second amendment to its "Cybersecurity Requirements for Financial Services Companies (the Cybersecurity Regulation or Part 500). This was the...more
The Consumer Financial Protection Bureau (CFPB) has revealed its intention to make changes to the small business loan data collection and reporting rule (1071 Rule) in light of continued opposition from financial institutions...more
The healthcare industry has come up against unprecedented pressure in recent years. Digital transformation has had a significant role to play when it comes to creating the efficiency needed to deal with the challenges of a...more
Covered entities regulated by the New York State Department of Financial Services (NYDFS) must submit cybersecurity compliance forms by April 15, 2025. New sets of requirements for system monitoring and access privileges,...more
The HIPAA Privacy and Security Rules require covered entities (including healthcare providers and health plans) and their business associates to protect patient information stored or transmitted electronically, including...more