News & Analysis as of

Protected Health Information Data Privacy Healthcare

Robinson+Cole Data Privacy + Security Insider

PIH Health Settles HIPAA Violations for $600,000

PIH Health, a health care entity located in California, suffered a data breach in June 2019 when 45 employee email accounts were compromised in a targeted phishing campaign. The accounts contained the protected health...more

Axinn, Veltrop & Harkrider LLP

Axinn Associates at the Spring Meeting: Considerations on Data Privacy and AI Usage for Healthcare Companies

The February 2024 ransomware attack on Change Healthcare was the largest healthcare data breach in U.S. history. The attack disrupted operations—impacting patient care and provider finances—and potentially exposed the...more

Smith Anderson

Healthcare Cyberattacks Are on the Rise: Steps to Safeguard Your Organization

Smith Anderson on

Cyberattacks remain one of the most serious threats facing the healthcare industry. Healthcare providers and their vendors handle sensitive and valuable health data, making them prime targets for cybercriminals....more

Health Care Compliance Association (HCCA)

$1.5M Warby Parker Fine a Holdover; OCR Focuses On Men in Sports, Antisemitism, ‘Biological Truth’

Nearly six years to the day that Warby Parker reported a breach affecting nearly 200,000 individuals, the HHS Office for Civil Rights (OCR) imposed a $1.5 million fine on the eyewear giant. Investigated by OCR under the Biden...more

Alston & Bird

New York Passes Health Privacy Law – Your Questions Answered

Alston & Bird on

The New York State legislature passed the Health Information Privacy Act (“NYHIPA”) on January 22, 2025, marking the second state to introduce a comprehensive consumer health data law. If passed, the NYHIPA imposes more...more

Holland & Hart - Health Law Blog

Police-Ordered Blood Draws In Idaho

Law enforcement officers often request or demand that Idaho hospitals draw blood or conduct other tests on patients for law enforcement purposes; nevertheless, the general rule remains that patients (including persons in...more

Quarles & Brady LLP

Trump Administration Rescinds HHS Guidance on Privacy of Gender Affirming Care Data

Quarles & Brady LLP on

On February 20, 2025, the U.S. Department of Health and Human Services (“HHS”) took action pursuant to President Trump’s Executive Order 14187 (“EO 14187”), which is aimed at ending gender affirming care for minors. EO 14187...more

Quarles & Brady LLP

Takeaways from First Washington My Health My Data Act Complaint

Quarles & Brady LLP on

It took some time, but we officially have the first complaint filed alleging violations of the Washington My Health, My Data Act (“MHMDA”). The complaint, filed February 10 in the U.S. District Court Western District of...more

Constangy, Brooks, Smith & Prophete, LLP

New Year, New Rules? New York’s Health Privacy Bill S-929 advances

Just in time for setting a new year’s resolution, the New York Senate passed health privacy bill S-929. This bill was first introduced during the 2024 legislative session but failed to pass. Now in the early weeks of 2025,...more

Ropes & Gray LLP

New York's Health Information Privacy Act Aims to Strictly Regulate Consumer Health Data

Ropes & Gray LLP on

On January 22, 2025, the New York State Assembly and Senate rapidly passed the wide-ranging New York Health Information Privacy Act (“NY HIPA”). If not vetoed by Governor Kathy Hochul, NY HIPA would be the fourth enacted...more

McDermott Will & Emery

Five Questions With a Health Lawyer: Andrea Zazulia

What is your favorite part about practicing healthcare law at McDermott? I am grateful to be part of a health and life sciences team that is truly world-class. Our group is intentional about collaboration and innovation....more

Epstein Becker & Green

Proposed Modernization of the HIPAA Security Rules

Epstein Becker & Green on

The HIPAA Security Rule was originally promulgated over 20 years ago. While it historically provided an important regulatory floor for securing electronic protected health information, the Security Rule’s lack of...more

Mintz - Health Care Viewpoints

EnforceMintz — Healing Healthcare? DOJ’s Cybersecurity Enforcement Trained Up for 2025

In 2024, the Department of Justice (DOJ) pursued significant enforcement activity under its Civil Cyber-Fraud Initiative (CCFI). As our readers know, the Deputy Attorney General announced the creation of the CCFI in October...more

McDermott Will & Emery

HHS OCR Proposes Significant Modifications to HIPAA Security Rule

§ 160.101 Statutory basis and purpose. The requirements of this subchapter implement sections 1171–1180 of the Social Security Act (the Act), sections 262 and 264 of Public Law 104–191, section 105 of Public Law 110–233,...more

Troutman Pepper Locke

HIPAA Security Rule Revamp Is on the Horizon

Troutman Pepper Locke on

On January 6, the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) published significant proposed amendments (proposed rule) to the Security Rule under the Health Insurance Portability and...more

Shook, Hardy & Bacon L.L.P.

OCR Delivers A Year-End Surprise: A Draft Update of HIPAA's Security Rule

The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) delivered a late-December surprise: a draft overhaul of the Health Insurance Portability and Accountability Act of 1996’s (HIPAA) Security Rule....more

Vorys, Sater, Seymour and Pease LLP

Texas Court Enjoins Enforcement of HIPAA Final Privacy Rule Against Individual Doctor and Clinic

On December 22, the day before the 2024 Final HIPAA Privacy Rule (2024 Rule) was set to go into effect, a federal district court in Texas enjoined enforcement of the 2024 Rule against Dr. Carmen Purl and Dr. Purl’s Fast Care...more

Quarles & Brady LLP

Compliance Eve Ends with HIPAA Reproductive Health Privacy Rule Order out of Texas: But is it a Gift or Lump of Coal for Regulated...

Quarles & Brady LLP on

December 23, 2024, was the compliance deadline for HIPAA covered entities and business associates to apply the protections of the HIPAA Privacy Rule to support Reproductive Health Care Privacy Final Rule—that is all covered...more

Davis Wright Tremaine LLP

Whether Naughty or Nice, Compliance Deadline for HIPAA Reproductive Care Privacy Is Coming to Town

We just want to provide a friendly reminder that, before key staff depart for the holidays, HIPAA covered entities and business associates should finalize their compliance with the 2024 HIPAA amendments related to...more

Health Care Compliance Association (HCCA)

Disclosure of Full Record to Employer Results in $35K Fine, Broad CAP; Echoes of 2017 HIV Case

It’s not immediately obvious why someone would want to disclose a health care test result as part of a job application. But one such request spurred a Pennsylvania entity to provide a lot more than that: it sent her whole...more

Vorys, Sater, Seymour and Pease LLP

Just Say No!  HIPAA and Requests for Reproductive Health Information

On April 22, 2024, the Office of Civil Rights issued a Final Rule titled HIPAA Privacy Rule to Support Reproductive Health Care Privacy (2024 Final Privacy Rule). Originally Published by the American Bar Association....more

Health Care Compliance Association (HCCA)

BAAs: If and when third parties receiving PHI for research qualify as BAs under HIPAA

A business associate agreement (BAA) is a written contract between a covered entity (CE) and a business associate (BA) that—among other requirements—(1) establishes the permitted and required uses and disclosures of protected...more

Spilman Thomas & Battle, PLLC

Decoded - Technology Law Insights, V 5, Issue 8, October 2024

Welcome to our eighth 2024 issue of Decoded - our technology law insights e-newsletter. Thank you for reading. EU AI Act Tightens Grip on High-Risk AI Systems: Five Critical Questions for U.S. Companies - Why this is...more

Troutman Pepper Locke

Texas AG Challenges HHS Privacy Rules

Troutman Pepper Locke on

On September 4, Texas Attorney General (AG) Ken Paxton filed a lawsuit against the Department of Health and Human Services (HHS) Office for Civil Rights (OCR), challenging two key Health Insurance Portability and...more

Health Care Compliance Association (HCCA)

OCR: Rule Halts Disclosures Under ‘Presumption of Lawfulness,’ Shares Model Attestation Form

Attestations are at the heart of permissible disclosures under the HHS Office for Civil Rights’ (OCR) new reproductive health privacy rule—and OCR wants covered entities (CEs) and business associates (BA) to use them now. The...more

56 Results
 / 
View per page
Page: of 3

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
- hide
- hide