HHS Office for Civil Rights Director Melanie Fontes Rainer on Progress and News at OCR
ERISA Blog | Changes to the HIPAA Privacy Rules A Primer for Self-Insured Group Health Plans
Podcast - Data Privacy and Tracking Technology Compliance
Patient Data and Privacy
2022 DSIR Deeper Dive: OCR’s Right of Access Initiative
HIPAA Tips With Williams Mullen - Telehealth After the Pandemic
Relaxed HIPAA Restrictions For Providers Using Telehealth
Webinar: Investigating and Resolving Sexual Assaults on Campus
This summer, the Ohio House of Representatives passed the Campus Accountability and Modernization to Protect University Students (CAMPUS) Act. This law, if enacted, would require institutions of higher education throughout...more
We are pleased to announce that several of the firm’s practice groups and attorneys were recognized in the 2024 edition of Chambers USA, a directory of leading law firms and attorneys. Chambers and Partners annually...more
A new HHS Final Rule overhauls the federal Part 2 regulations on the confidentiality of substance use disorder (SUD) records. Our Heath Care Health Care and Privacy, Cyber & Data Strategy Groups unpack how the changes will...more
February 29, 2024, is the date by which HIPAA-covered entities must notify the U.S. Department of Health and Human Services Office for Civil Rights (OCR) of all "small" breaches of unsecured protected health information that...more
On September 22, 2023, the Commodity Futures Trading Commission’s (the “CFTC” or the “Commission") Division of Market Oversight extended its no-action position regarding certain large trader reporting (“LTR”) obligations for...more
HIPAA requires that covered entities notify the Office for Civil Rights (OCR) of any breaches of unsecured protected health information that affects less than 500 individuals in a calendar year within 60 days following the...more
In the wake of the Supreme Court’s ruling in Dobbs vs. Jackson Women’s Health Organization, much has been written about how existing privacy laws, such as the Health Insurance Portability and Accountability Act (“HIPAA”), are...more
HIPAA requires covered entities and business associates to report to the Office for Civil Rights (OCR) all breaches of unsecured protected health information when the incident involves fewer than 500 individuals no later than...more
The new Title IX regulations addressing sexual harassment in elementary and secondary schools went into effect August 14, 2020. These regulations prescribe the exact way that schools must now address sexual harassment of...more
The fluid and fast-changing impact of the new coronavirus (COVID-19) has left institutions of higher education (IHEs) scrambling to address unexpected legal issues. This guidance addresses some of their more frequently asked...more
Every year, we remind our readers that the HIPAA data breach notification regulations require covered entities to notify the Office for Civil Rights (OCR) of any reportable data breaches that involved fewer than 500...more
We all know how important it is for responsible employees in educational institutions to report up the chain when they learn of sexual misconduct against a student. But the stakes for noncompliance just grew in Texas, where...more
Report on Patient Privacy 19, no. 12 (December 2019) - Sentara Hospitals, a nonprofit group of 12 medical centers in Virginia and North Carolina, will implement a fairly minimal two-year corrective action plan (CAP) and...more
One health system recently learned the cost of relying too heavily on the HIPAA Breach Notification Rule’s “low probability of compromise” standard when it failed to notify all affected individuals and report the HIPAA breach...more
Don’t forget that the required end-of-the-year reporting of any small breaches of unsecured protected health information (PHI) that were discovered in 2018 is coming up. Under the Health Insurance Portability and...more
Conducting HIPAA Breach Risk Assessments - The HIPAA rules relating to assessment of potential patient confidentiality breaches were changed in 2013. Specifically, on January 17, 2013, the Office of Civil Rights released...more
With the New Year underway, the deadline is quickly approaching for HIPAA covered entities to file their annual breach reports with the U.S. Department of Health & Human Services Office for Civil Rights (“OCR”)....more
This morning, the Office for Civil Rights of the Department of Education issued a “Dear Colleague” letter rescinding the Obama administration’s school sexual assault guidance. The Department also issued a new set of...more
In the past several years, a huge increase has occurred in the number of electronic attacks in the United States using ransomware, a form of malware that targets and encrypts critical data and systems for the purpose of...more
On April 8, the U.S. Commodity Futures Trading Commission’s (“CFTC”) Division of Market Oversight issued a no-action letter regarding the ownership and control final rule (the “OCR Final Rule”). The OCR Final Rule requires...more
CFTC Again Extends Deadlines for New OCR Compliance; Puts Pressure on FCM Clients Who Will Not Provide Adequate Information Regarding Trading Control - Late last week, staff of the Division of Market Oversight of the...more
Feb. 29, 2016, a/k/a Leap Day, is the date by which HIPAA covered entities must notify the U.S. Department of Health and Human Services Office for Civil Rights (OCR) of “small” breaches of unsecured protected health...more
Pursuant to HIPAA/HITECH, covered entities are required to report breaches of unsecured protected health information that occurred in 2015 and affected less than 500 individuals to the Office for Civil Rights no later than 60...more
SEC Proposes to Amend Rules Governing Its Administrative Proceedings - On September 24, the U.S. Securities and Exchange Commission (the "SEC") proposed to amend rules governing its administrative proceedings. Key...more
ESMA Publishes Final Technical Standards for MiFID II - The European Securities and Markets Authority issued the equivalent of final rules (known as “technical standards”) to implement three cornerstones of the European...more