News & Analysis as of June 2, 2025

Department of Health and Human Services (HHS)

+ Follow

Follow this channel for advisories on one of the biggest threats to businesses today. Read a morning brief of fresh guidance and commentary by leading lawyers on security, privacy, risk... more +

Follow this channel for advisories on one of the biggest threats to businesses today. Read a morning brief of fresh guidance and commentary by leading lawyers on security, privacy, risk management, global regulations, data protection, leaks, hacking, cyber insurance, compliance, HIPAA, and every other aspect of cybersecurity of import to corporate readers right now. less -

Health Fitness, OCR’s Risk Analysis Initiative, and the ERISA Fiduciary Duty to Select Plan Service Providers

Jackson Lewis P.C. on 3/24/2025

On Friday, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) announced the fifth enforcement action under its Risk Analysis Initiative. In this case, OCR reached a settlement with Health...more

Top 10 takeaways from the new HIPAA security rule NPRM

Bradley Arant Boult Cummings LLP on 3/20/2025

On Jan. 6, 2025, the U.S. Department of Health and Human Services (HHS) proposed new regulations to enhance cybersecurity protections for electronic protected health information (ePHI) under the Health Insurance Portability...more

AI Meets HIPAA Security: Understanding HHS’s Risk Strategies and Proposed Changes

Bradley Arant Boult Cummings LLP on 3/6/2025

In this final blog post in the Bradley series on the HIPAA Security Rule notice of proposed rulemaking (NPRM), we examine how the U.S. Department of Health and Human Services (HHS) Office for Civil Rights interprets the...more

Biden Administration Proposes Beefed-Up HIPAA Security Rule… But Prognosis Uncertain

Groom Law Group, Chartered on 2/18/2025

On January 6, 2025, the Biden Administration issued a new proposed rule updating the HIPAA Security Standards ( “Proposed Rule”). The original HIPAA Security Standards were issued in 2003 and updated in 2013 and require that...more

Changes Proposed by HHS to Strengthen HIPAA Security Rule

Maynard Nexsen on 2/7/2025

On January 6, 2025, the US Department of Health and Human Services Office for Civil Rights (“OCR”) issued a notice of proposed rulemaking (“Proposed Rule”) containing significant updates to the Security Rule under the Health...more

To Comment or Not to Comment: Looking at the Biden Administration’s HIPAA Cybersecurity Proposed Reg

McDermott+ on 1/30/2025

One of the Biden Administration’s last healthcare regs was a proposed rule that, if finalized, would make significant changes to the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule to...more

HHS’s Proposed Security Rule Updates Could Require Group Health Plan Document Changes and New Plan Sponsor Security Practices

Bradley Arant Boult Cummings LLP on 1/30/2025

Proposed regulations may require employers to invest additional resources to safeguard group health plan participants’ protected health information. In this installment of our blog series on the U.S. Department of Health...more

HHS Proposed Rule May Enhance HIPAA Security but Leaves AI Questions Open

McGuireWoods LLP on 1/27/2025

In response to increased cybersecurity threats and significant regulatory enforcement actions, on Dec. 27, 2024, the Department of Health and Human Services (HHS) issued a Notice of Proposed Rulemaking seeking to enhance...more

Proposed Update to the HIPAA Security Rule

Vorys, Sater, Seymour and Pease LLP on 1/24/2025

In early January, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) published a Notice of Proposed Rulemaking. The Proposed Rule would modify the Security Standards for the Protection of...more

HHS OCR Releases Proposed Updates to HIPAA Security Rule

Paul Hastings LLP on 1/23/2025

On December 27, 2024, the U.S. Department of Health and Human Services (HHS), through the Office for Civil Rights (OCR), announced a Notice of Proposed Rulemaking (NPRM) to amend the Security Standards for the Protection of...more

Proposed Rulemaking to Strengthen HIPAA Security Rule

Bass, Berry & Sims PLC on 1/20/2025

On January 6, the Department of Health and Human Services Office for Civil Rights (OCR) published a notice of proposed rulemaking (Proposed Rule) that would strengthen the requirements of the security rule promulgated...more

OCR Announces Proposed Updates to HIPAA Security Rule, Raises the Bar for Healthcare Cybersecurity

Husch Blackwell LLP on 1/15/2025

On December 27, 2024, the U.S. Department of Health and Human Services (HHS), through its Office for Civil Rights (OCR), issued proposed changes to the Health Insurance Portability and Accountability Act of 1996 (HIPAA)...more

HHS-OCR Announces Proposed Modifications to the HIPAA Security Rule

Wilson Sonsini Goodrich & Rosati on 1/15/2025

The U.S. Department of Health and Human Services Office for Civil Rights (HHS-OCR) has announced proposed modifications to the Health Insurance Portability and Accountability Act (HIPAA) Security Rule (the Proposed Rule). The...more

Proposed Changes to the HIPAA Security Rule Will Have a Significant Impact on the Health Care Sector

Cozen O'Connor on 1/13/2025

A few days ago, the U.S. Department of Health and Human Services (“HHS”), through its Office for Civil Rights, issued the proposed rule HIPAA Security Rule to Strengthen the Cybersecurity of Electronic Protected Health...more

Proposed Updates to HIPAA Security Rule Would Require Entities to Adopt Enhanced Cybersecurity Measures

Fisher Phillips on 1/7/2025

The HIPAA Security Rule may soon undergo a big overhaul that would better defend healthcare data from cybersecurity threats – and require much more from covered entities when it comes to establishing and maintaining defenses....more

HHS’ Last-Minute Holiday Gift: Proposed Changes to the HIPAA Security Rule

Sheppard Mullin Richter & Hampton LLP on 1/6/2025

The U.S. Department of Health and Human Services (“HHS”) issued a Notice of Proposed Rulemaking (the “Proposed Rule”) on December 27, 2024, to significantly amend HIPAA’s Security Rule, which sets forth the security standards...more

HHS Office for Civil Rights Proposes Measures to Strengthen Cybersecurity in Health Care Under HIPAA

Foley Hoag LLP - Security, Privacy and the... on 12/30/2024

The Department of Health and Human Services (HHS) has proposed significant modifications to the HIPAA Security Rule and the HITECH Act in an attempt to strengthen cybersecurity protections for electronic protected health...more

OIG Recommends Changes to HIPAA Audit Program to Strengthen Data Protections, Implications for Regulated Entities

Brooks Pierce on 12/5/2024

The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) is required by law to perform periodic audits of covered entities and business associates to ensure their compliance with HIPAA Security Rule...more

‘I Will Not Rest’; ‘I Am All In’: Remarkable Breach Hearing Sees Pledges by UHG CEO, Sen. Wyden

Health Care Compliance Association (HCCA) on 5/13/2024

United Healthcare Group (UHG) CEO Andrew Witty was in a board meeting on Feb. 21 when officials interrupted with the news that Change Healthcare—a clearinghouse UHG subsidiary Optum had purchased for $1.3 billion in October...more

Privacy Briefs: May 2024

Health Care Compliance Association (HCCA) on 5/13/2024

Kaiser Permanente is notifying 13.4 million current and former members that their personal information may have been compromised when it was transmitted to tech giants Google, Microsoft Bing and X (formerly Twitter) when...more

Significant New Healthcare Privacy and Cybersecurity Developments

Dorsey & Whitney LLP on 4/29/2024

As the federal government continues to take action in response to events impacting the healthcare landscape, stakeholders must ensure that they are staying up-to-date with health information privacy and security developments...more

OCR at HHS Updates Guidance on Use of Online Tracking Technology by HIPAA-Regulated Entities

Wilson Sonsini Goodrich & Rosati on 3/26/2024

On March 18, 2024, the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) updated its guidance on the use of online tracking technology by covered entities regulated by the Health...more

[Event] 2023 Healthcare Enforcement Compliance Conference - November 5th - 7th, Washington, DC

Health Care Compliance Association (HCCA) on 8/8/2023

Hear directly from the enforcement community - Want to gain insight into properly monitoring, detecting, investigating, and managing violations? Join us at HCCA’s Annual Healthcare Enforcement Compliance Conference to...more

OCR: Current Fines Too Low to Spur Compliance; Agency Also Seeks Funding Boost, Injunctive Relief

Health Care Compliance Association (HCCA) on 5/6/2022

Report on Patient Privacy 22, no. 5 (May, 2022) - Compared to other agencies, the HHS Office for Civil Rights (OCR) is a little fish in the big federal pond, but it has an outsize effect on HIPAA covered entities (CEs) and...more

2022 Outlook: More Dangerous Ransomware Coupled With Inadequate Security Practices

Health Care Compliance Association (HCCA) on 1/17/2022

Report on Patient Privacy 22, no. 1 (January, 2022) - As the COVID-19 pandemic enters its third year, real “security fatigue” with pandemic-related issues will combine with cybercriminals’ increasingly sophisticated...more

62 Results

View per page

Page: of 3

Cybersecurity › Business Associates › Department of Health and Human Services (HHS)

"My best business intelligence, in one easy email…"