On April 22, 2026, Republicans who are part of the House Energy & Commerce Committee’s Privacy Working Group introduced the Secure Data Act (the “Act”), a comprehensive federal privacy bill that would establish a nationwide...more
Article 15 of the EU General Data Protection Regulation (GDPR) grants users the right to access their data: this broadly requires that the data subject has the right to know whether their personal data is being processed and...more
On 19 March 2026, the Court of Justice of the European Union (CJEU) in Case C-526/24 (Brillen Rottler) held that a data subject's first access request may, in certain circumstances, be refused as "excessive" under the EU...more
A newly filed action before the General Court of the European Union (Case T-489/25, Krüßmann v Court of Justice of the European Union) brings together two themes that have become increasingly prominent in EU public law:...more
The Health Insurance Portability and Accountability Act of 1996, and its implementing regulations (“HIPAA”), address how health care providers may use and/or disclose patient information. In that regard, HIPAA mandates that...more
The Health Insurance Portability and Accountability Act (HIPAA) has long been the cornerstone of patient privacy and data protection. Among its most patient-centric provisions is the Right of Access rule, which guarantees...more
Every year, INTERPOL’s Commission for the Control of INTERPOL Files(CCF) releases an Annual Report covering the Commission’s accomplishments. Today’s post will be addressing the report for 2024 and the reported requests for...more
This series of posts will focus on INTERPOL’s Commission for the Control of INTERPOL Files(CCF) 2024 activity report,* including the growth of requests for access, deletion, and revision of INTERPOL notices....more
At some point, maybe it’s just simple math. What does it cost to not get in trouble with the HHS Office for Civil Rights (OCR)? This is not about dropping thousands of dollars to do a security risk analysis—and don’t forget...more
Providing parents with access to their child’s healthcare information is not a new legal requirement, but given recent guidance and statements from federal regulators, it is an area of renewed enforcement focus. Now is a good...more
Paula Stannard, the newish director of the HHS Office for Civil Rights (OCR), plans to continue two enforcement initiatives with which covered entities (CEs) and business associates (BAs) likely are familiar—but she’s...more
This summary highlights recent 2025 Health Insurance Portability and Accountability Act (HIPAA) enforcement actions by the U.S. Department of Health and Human Services' (HHS) Office for Civil Rights (OCR), the risks they...more
Dan Schulte answers common questions related to dental records in the latest issue of the Michigan Dental Association Journal. Question: Am I required to furnish patient records to a patient upon request? Answer: The...more
It was brought to the attention of the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) that healthcare providers may be violating HIPAA in certain instances where they deny parental access to a...more
Does your organisation see an uptick in data subject access requests whenever the story of a high-profile individual exercising their data protection rights makes the headlines? DSARs are a real leveller. Whether the...more
When public agencies or utilities move forward with infrastructure projects, one of the most critical steps is determining exactly what property rights must be acquired. Too often, agencies focus solely on the permanent...more
On Aug. 11, 2025, the Department of Health and Human Services’ Office for Civil Rights (OCR) announced updates to the Privacy Rule’s frequently asked questions (FAQs)....more
Welcome to the September 2025 edition of MHH's Condo/Co-op Digest. We hope our readers enjoyed their August holidays as much as we did and that all of their summer capital improvement projects are all underway and on...more
We’ve reached the final episode in our Back-to-Basics: HIPAA Edition series! Over the past few weeks, we’ve explored some of the fundamental patient rights under HIPAA, including: The right to access their PHI...more
1. What's Changed? The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) issued new and updated Frequently Asked Questions (FAQs) interpreting the HIPAA Privacy Rule. These additions align with...more
In celebration of the back-to-school season, the Healthcare Compliance Podcast is launching a new Back to Basics series—this time with a focus on patient rights under HIPAA. Each Thursday in August, the podcast will cover a...more
The Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services has renewed its focus on two critical areas of HIPAA compliance: risk analysis and individual right of access. These enforcement...more
The Office for Civil Rights of the Department of Health and Human Services (OCR) was busy negotiating and settling enforcement actions in November and early December. Since October 31, 2024, the OCR has settled five separate...more
On October 31, 2024, the U.S. Department of Health and Human Services Office for Civil Rights (OCR) embraced the end of Spooky Season by announcing two more ransomware-related enforcement actions. ...more
On October 23-24, 2024, the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) and the National Institute of Standards and Technology (NIST) Information Technology Laboratory hosted the Safeguarding...more