New Developments in Health Information Policy
New HIPAA Final Rule: Key Changes to Reproductive Health Care Privacy - Thought Leaders in Health Law®
Podcast - Data Privacy and Tracking Technology Compliance
Medical Device Legal News with Sam Bernstein: Episode 10
AI Risks in Healthcare
Business Associates Here, There, and Everywhere: When Does Your Service Provider Really Need to Sign a HIPAA Business Associate Agreement?
Healthcare Privacy Walkthroughs
Dobbs on Demand: Healthcare Privacy on the Line in a New Legal Setting
HIPAA Tips With Williams Mullen - Health Care Providers - Are You Ready for a Ransomware Attack?
Hybrid Workforces and Compliance with Sheila Limmroth
Privacy and Healthcare Business Associates with Isabella Porter
Podcast: Interoperability: The Provider Perspective - Diagnosing Health Care
HIPAA Tips With Williams Mullen - COVID Health Information and HIPAA – Do You Know the Rules?
Podcast–Interoperability: How Far We’ve Come and Where We’re Going - Diagnosing Health Care
State Law Privacy Video Series | Healthcare Entities and Health Data
Getting Personal—Wearable Devices, Data, and Compliance
AGG Talks: Technology - In the Balance: Interoperability and Security
Podcast: How Can Companies in the Health Care and Life Sciences Industries Strengthen Their Cybersecurity Posture? - Diagnosing Health Care
Nick Culbertson on Compliance Breaches in Healthcare
Privacy Series: HIPAA Breaches - When It Is, and When It Is Not a Breach
The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) recently imposed a $1.5 million civil money penalty against Warby Parker, Inc., a manufacturer and online retailer of eyewear, for...more
The HIPAA Security Rule was originally promulgated over 20 years ago. While it historically provided an important regulatory floor for securing electronic protected health information, the Security Rule’s lack of...more
Proposed regulations may require employers to invest additional resources to safeguard group health plan participants’ protected health information. In this installment of our blog series on the U.S. Department of Health...more
On December 27, 2024, the U.S. Department of Health and Human Services (HHS), through the Office for Civil Rights (OCR), announced a Notice of Proposed Rulemaking (NPRM) to amend the Security Standards for the Protection of...more
With 2025 barely three weeks old, the US Department of Health and Human Services Office for Civil Rights (OCR) has already announced six enforcement actions for the new year. Particularly significant is the advancement of...more
“Through December 20, 2024, 575 security incidents involving unsecured protected health information affecting 500 or more individuals had been reported to Health and Human Services. Through the same date in 2023, 265...more
Just two weeks into the year, 2025 is already shaping up to be a busy year for privacy lawyers, especially those tasked with helping covered entities and business associates comply with the HIPAA Security Rule. As we...more
A few days ago, the U.S. Department of Health and Human Services (“HHS”), through its Office for Civil Rights, issued the proposed rule HIPAA Security Rule to Strengthen the Cybersecurity of Electronic Protected Health...more
On January 6, 2025, the U.S. Department of Health and Human Services (“DHHS”) Office of Civil Rights (“OCR”) published a proposed rule entitled, “HIPAA Security Rule to Strengthen the Cybersecurity of Electronic Health...more
On January 6, 2025, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) published a “Notice of Proposed Rulemaking,” HIPAA Security Rule to Strengthen the Cybersecurity of Electronic Protected...more
On January 6, the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) published significant proposed amendments (proposed rule) to the Security Rule under the Health Insurance Portability and...more
The U.S. Department of Health and Human Services (HHS) has issued a Notice of Proposed Rulemaking (NPRM) that strengthens the Security Rule of the Health Insurance Portability and Accountability Act (HIPAA), which, if...more
On Dec. 27, the Department of Health and Human Services (HHS) issued proposed updates to the HIPAA Security Rule to address evolving cybersecurity threats in healthcare. Introduced through a Notice of Proposed Rulemaking...more
The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) delivered a late-December surprise: a draft overhaul of the Health Insurance Portability and Accountability Act of 1996’s (HIPAA) Security Rule....more
‘Tis the season for holiday baking and the elves at the U.S. Department of Health and Human Services (HHS), through its Office for Civil Rights (OCR), have been diligently crafting their own holiday treat. On December 27,...more
On December 27, 2024, the Department of Health and Human Services (“HHS”) proposed substantial revisions to the 20-year-old HIPAA Security Rule. Comments on the proposal will be due within sixty days of its publication in the...more
In the wake of Change Healthcare’s February 2024 ransomware attack, which affected the protected health information (PHI) of at least 100 million individuals — the largest breach of PHI in history — the federal government’s...more
The Office for Civil Rights of the Department of Health and Human Services (OCR) was busy negotiating and settling enforcement actions in November and early December. Since October 31, 2024, the OCR has settled five separate...more
Recognizing the increasing number of successful cyberattacks targeting health care organizations and their valuable patient data, the Office of the Inspector General (OIG) is calling for enhancements to the HIPAA audit...more
In addition to holiday celebrations, the month of December typically ushers in a final round of enforcement actions by the U.S. Department of Health and Human Services' (HHS) Office of Civil Rights (OCR), and 2024 is no...more
The U.S. Department of Health and Human Services, Office for Civil Rights (“OCR”), which enforces HIPAA, recently announced a new enforcement initiative, the Risk Analysis Initiative, in conjunction with OCR’s seventh...more
On November 1, 2024, the U.S. Department of Health and Human Services (“HHS”), Office for Civil Rights (“OCR”) announced a $90,000 settlement with Bryan County Ambulance Authority (“BCAA”), a provider of emergency medical...more
HCCA's Healthcare Privacy Compliance Academy is a three-and-a-half-day interactive education program with a focus on the vast body of privacy laws and regulations in place to help you protect PHI and other critical data. Our...more
On October 2, 2024, New York adopted new regulations requiring general hospitals to implement heightened cybersecurity safeguards. General hospitals, as defined in Article 28 of the NY Public Health Law, generally must begin...more
On October 23-24, 2024, the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) and the National Institute of Standards and Technology (NIST) Information Technology Laboratory hosted the Safeguarding...more