healthcare regulatory compliance

HIPAA Enforcement Marches On (?)

By Matt Fisher – The Office for Civil Rights announced another cyber incident driven HIPAA civil monetary penalty on February 20, 2025. The settlement broke a one month lull in HIPAA enforcement announcements, though looking at the dates in the documents (all go back to the last quarter or so of 2024), it may not necessarily be an indication that enforcement of HIPAA remains an ongoing immediate priority.


AI: The Prescriber

By Matt Fisher – Artificial intelligence has been the subject of no shortage of hype about its capabilities. As AI has evolved in the past few years it has often been touted as the force that will finally drive major changes in healthcare.


Not 1, Not 2, but 6 Settlements

By Matt Fisher – Prior to the changeover of the administration, the HHS Office for Civil Rights went on a bit of a HIPAA settlement bender. The fast pace of announced settlements felt a bit like a clearing of the decks. The various settlements continued recent trends around the issues being selected by OCR for settlement along with the still random amount of settlements.


Security Changes in the Wind

By Matt Fisher – On January 6, 2025, the Department of Health and Human Services officially published a notice of proposed rulemaking to modify and update the HIPAA Security Rule. The timing of the proposed rule leaves any sort of immediate action with a lot of uncertainty (changing administrations bring changing priorities and delays).


HIPAA Reproductive Healthcare Uncertainty

By Matt Fisher – 2024 cannot end without a further wrinkle on the HIPAA front. Earlier in the year, the Office for Civil Rights in the Department of Health and Human Services modified the HIPAA Privacy Rule by adding language specific to reproductive health care and reproductive health care services.


More HIPAA Access Issues

By Matt Fisher – The HHS Office for Civil Rights continues to pursue enforcement actions when alleged non-compliance occurs following a right of access request. Not every settlement provides the same degree of insight or ability to follow OCR’s line of thinking though. That is the case stemming from the latest civil monetary penalty announced by OCR.


Ransomware Inevitable, Lack of Readiness Not

By Matt Fisher – Recently the OCR announced another settlement stemming from a ransomware attack. The settlement is just the latest one imposed by OCR stemming from a cyberattack. It may feel like rubbing salt in a wound, but the details behind the settlement (at least the minimum ones available) provide a little bit more insight.


Ending with a Whimper

By Matt Fisher -The so far long and tangled path for tracking technology and HIPAA in healthcare appears it will end with a whimper. It is being reported that the federal Department of Health and Human Services dropped its appeal of the decision from the United States District Court for the Northern District of Texas…