The HIPAA Regulatory Updates section of the The HIPAA Guide provides timely information on changes to HIPAA regulations, new guidance from the HHS Office for Civil Rights, and other developments affecting healthcare compliance. It covers topics such as cybersecurity threats, updates to privacy and security rules, and significant legislative changes. This section is for healthcare organizations, compliance officers, and professionals who need to stay informed about regulatory changes and industry best practices to ensure the protection of patient data and compliance with HIPAA standards.
A final rule updating the HIPAA Security Rule has been delayed until mid-2027, giving regulated entities more
[...]
The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR), the main enforcer of
[...]
The Department of Health and Human Services’ Office for Civil Rights (OCR) has expanded its HIPAA risk
[...]
A final rule has been issued by the Department of Health and Human Services (HHS) Centers for Medicare and
[...]
At the HIMSS conference on Thursday, Paula M. Stannard, Director of the HHS Office for Civil Rights (OCR),
[...]
The HHS Office for Civil Rights (OCR) has resolved an alleged violation of the risk analysis provision of the
[...]
The Department of Health and Human Services (HHS) has launched a new data privacy enforcement program for
[...]
The compliance deadline for updates to HIPAA Notice of Privacy Practices (NPPs), as mandated by a recent
[...]
The Department of Health and Human Services (HHS) has published new civil penalty amounts in the Federal
[...]
Recent HIPAA changes in 2024 have included a new section of the HIPAA Privacy Rule, changes to Part 162 of
[...]
New HIPAA regulations are published more often than many people realize, and because most new regulations
[...]
Last year, Texas Attorney General Ken Paxton challenged the HHS’ Office for Civil Rights (OCR) HIPAA
[...]
The Director of the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has written a
[...]
A bipartisan healthcare cybersecurity bill – The Health Care Cybersecurity and Resiliency Act of 2025
[...]
The administrative safeguards of the HIPAA Security Rule require HIPAA-regulated entities to conduct a risk
[...]
A Republican Senator has proposed new legislation to ensure data privacy and security for all healthcare
[...]
On September 1, 2025, a new law was implemented in Texas that has new requirements for the storage of
[...]
A new version of the Security Risk Assessment (SRA) Tool has been released by the HHS Office for Civil Rights
[...]
The U.S. Department of Health and Human Services (HHS) has announced that it will be increasing dedicated
[...]
The HHS’ Office for Civil Rights (OCR) has had its workload increased by Robert F. Kennedy Jr., who
[...]
The HHS’ Office for Civil Rights (OCR) has published a new FAQ on the HIPAA Privacy Rule and disclosures of
[...]
A Texas District Court Judge has vacated a 2024 HIPAA Privacy Rule update that was issued by the Department
[...]
The U.S. Department of Health and Human Services (HHS) Office for Civil Rights has a new Director. Acting
[...]
The Health Sector Coordinating Council (HSCC) Cybersecurity Working Group (CWG) has issued a policy statement
[...]
At the 42nd Virtual HIPAA Summit this week, Tim Noonan, deputy director of health information privacy, data,
[...]
The HIPAA requirements for mobile devices are that they are included in risk analyses, that apps and services
[...]
The HIPAA Rules regarding text messaging are that it is permissible for healthcare providers to send
[...]
Dorothy A. Fink, Acting Secretary of the Department of Health and Human Services (HHS), has delayed the
[...]
The New York Legislature recently passed a new bill – the New York Health Information Privacy Act (HIPA)
[...]
The final rule issued by the HHS’ Office for Civil Rights in 2024 that updated the HIPAA Privacy Rule to
[...]
HIPAA-covered entities and their business associates are facing much tougher cybersecurity requirements,
[...]
The HIPAA Privacy Rule Final Rule to Support Reproductive Health Care Privacy was issued on April 22, 2024,
[...]
The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has completed its
[...]
Senators Ron Wyden (D-OR). and Mark Warner (D-VA) have proposed new legislation to improve healthcare
[...]
The state of Texas is suing the U.S. Department of Health and Human Services (HHS), HHS Secretary Xavier
[...]
On August 19, 2024, the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) signaled
[...]
The Department of Health and Human Services has increased its civil monetary penalty amounts across all of
[...]
A U.S. district court judge has ruled that the guidance on HIPAA and website tracking technologies issued by
[...]
The HHS’ Office for Civil Rights (OCR) has published a Final Rule that updates HIPAA to strengthen
[...]
The HHS’ Office for Civil Rights has updated its guidance for HIPAA-regulated entities on the use of online
[...]
In September 2023, U.S. Senator Bill Cassidy sought feedback from healthcare stakeholders on potential
[...]
The Centers for Medicare and Medicaid Services (CMS) have updated their policy on texting patient information
[...]
The Department of Health and Human Services (HHS) is conducting a survey of HIPAA-covered entities and
[...]
The U.S. Department of Health and Human Services, through the Office for Civil Rights (OCR) and the Substance
[...]
The penalties for HIPAA violations vary depending on the nature of the violations, the degree of harm caused,
[...]
The telemedicine HIPAA requirements affect any medical sector employee or healthcare organization that
[...]
The HHS has published a Healthcare Cybersecurity Strategy document outlining the steps that have been and
[...]
The HIPAA Breach Notification Rule is a Rule introduced by the HITECH Act that requires covered entities –
[...]
New York has proposed new cybersecurity regulations for hospitals in a bid to combat increasing numbers of
[...]
HIPAA was created to reform the health insurance industry; but, because the reforms would incur costs and
[...]
The Secretary of the Department of Health and Human Services (HHS) and the Director of the HHS’ Office for
[...]
The number of states that have introduced bans or restrictions on abortions has been growing since the
[...]
The HHS’ Office for Civil Rights (OCR) has confirmed that the Notifications of Enforcement Discretion it
[...]
Website and application tracking technology has attracted a lot of attention over the past 12 months. The
[...]
The HHS has announced it has restructured its Office for Civil Rights and has created three new divisions to
[...]
The Office for Civil Rights has proposed an update to the HIPAA Privacy Rule to improve the privacy of
[...]
In July, the independent journalism site, The Markup, discovered one-third of the top 100 hospitals in the
[...]
An update to the 42 CFR Part 2 Confidentiality of Substance Use Disorder (SUD) Patient Records has been
[...]
The HHS’ Office for Civil Rights has issued guidance on Recognized Security Practices, how they must be
[...]
The National Institute of Standards and Technology (NIST) has released the second revision of its HIPAA
[...]
In late 2019, the U.S. Department of Health and Human Services’ Office for Civil Rights announced a new
[...]
An investigation conducted by the HHS’ Office for Civil Rights (OCR) of a hacking incident at Oklahoma
[...]
Two senators have written to the Secretary of the Department of Health and Human Services asking for changes
[...]
The landmark decision of the Supreme Court in Dobbs vs. Jackson Women’s Health Organization, where the
[...]
The Government Accountability Office has published the findings of a report that assessed the breach
[...]
In March 2020, the HHS’ Office for Civil Rights (OCR) issued a Telehealth Notification that included a
[...]
A bipartisan bill has been proposed to update the Federal Food, Drug, and Cosmetic Act (FD&C Act) to
[...]
The Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH Act) called for the
[...]
Lisa J. Pino, Director of the Department of HEalth and Human Services’ (HHS) Office for Civil Rights
[...]
The Health Insurance Portability and Accountability Act (HIPAA) is more than 25 years old, and it was more
[...]
The Breach Notification Rule of the Health Insurance Portability and Accountability Act (HIPAA) requires
[...]
On January 27, 2020, the Secretary of the Department of Health and Human Services, Alex Azar, announced a
[...]
The New Jersey Attorney General has been the most active enforcer of compliance with the Health Insurance
[...]
The Department of Health and Human Services’ Office for Civil Rights (OCR) launched an enforcement
[...]
Most healthcare organizations in the United States are required to comply with the Health Insurance
[...]
Two printing/mailing vendors have agreed to settle an investigation by the state of New Jersey that alleged
[...]
Limiting access to protected health information (PHI) is one of the fundamental requirements of the Health
[...]
An investigation by the state of New Jersey into a cyberattack on a fertility clinic has uncovered multiple
[...]
The introduction of vaccine mandates by employers, especially in healthcare, has raised questions about HIPAA
[...]
Lisa J. Pino, Director, Office for Civil Rights The Department of Health and Human Services has announced a
[...]
The HIPAA Breach Notification Rule requires HIPAA-regulated entities to report data breaches and issue
[...]
Children’s Hospital & Medical Center (CHMC) has agreed to settle a HIPAA Right of Access
[...]
In 2008, the National Institute of Standards and Technology (NIST) released guidance for HIPAA-covered
[...]
It has been a long time coming, but the information blocking regulations of the Office of the National
[...]
On December 10, 2020, the Department of Health and Human Services published a Notice of Proposed Rulemaking
[...]
Norris Cochran, the Acting Secretary of the Department of Health and Human Services, has declared a public
[...]
The Office for Civil Rights (OCR) of the Department of Health and Human Services has announced it will be
[...]
The U.S. Department of Health and Human Services has issued its largest ever HIPAA fine for noncompliance
[...]
HIPAA covered entities and their business associates have been provided with a degree of protection against
[...]
In 2019, the Department of Health and Human Services’ Office for Civil Rights announced a new HIPAA
[...]
The HHS’ Office for Civil Rights has issued new guidance to help HIPAA covered entities and their business
[...]
The long-awaited report from the Department of Health and Human Services’ Office for Civil Rights on the
[...]
They have been a long time coming, but the Department of Health and Human Services has finally revealed a
[...]
In 2019, the HHS’ Office for Civil Rights launched an enforcement initiative targeting organizations that
[...]
In June 2020, the U.S Department of Health and Human Services (HHS) issued guidance explaining how HIPAA
[...]
For the second successive year, the U.S House of Representatives has voted to remove the ban on the
[...]
The Department of Health and Human Services’ Office for Civil Rights has issued an alert about a potential
[...]
For the second time in a week, the HHS’ Office for Civil Rights (OCR) has announced a fine has been imposed
[...]
On January 31, 2020, the Secretary of the Department of Health and Human Services declared the outbreaks of
[...]
The Department of Health and Human Services Substance Abuse and Mental Health Administration (SAMHSA) has
[...]
The Department of Health and Human Services’ Office for Civil Rights has issued new HIPAA guidance to clear
[...]
Hospitals have been warned that they must not allow film crews into parts of hospitals where there is
[...]
The new interoperability and data sharing rules that were announced by the HHS on March 9, 2020 were due to
[...]
The Department of Health and Human Services’ Office for Civil Rights (OCR) has issued a Notice of
[...]
On April 2, 2020, the Department of Health and Human Services’ Office for Civil Rights (OCR) issued another
[...]
The HHS’ Office for Civil Rights has issued guidance on COVID-19 and HIPAA about the permitted disclosures
[...]
Important information on the 2019 Novel Coronavirus and HIPAA compliance, the limited HIPAA waiver announced
[...]
The U.S. Department of Health and Human Services has released its final interoperability, information
[...]
A $100,000 HIPAA fine has been imposed on a solo physician practice for HIPAA Security Rule failures
[...]
The Department of Health and Human Services (HHS) has issued a final rule modifying the pharmacy HIPAA
[...]
Following a ruling in a federal court that went against the U.S. Department of Health and Human Services, the
[...]
The Office of the Assistant Secretary for Financial Resources (ASFR), Department of Health and Human
[...]
The Department of Health and Human Services’ Office for Civil Rights (OCR) has released an updated version
[...]
At the OCR/NIST HIPAA Security Conference in Washington D.C., the Director of the Department of Health and
[...]
The Health Insurance Portability and Accountability Act of 1996 called for the Department of Health and Human
[...]
A new rule has been proposed by the Substance Abuse and Mental Health Services Administration (SAMHSA) that
[...]
The Department of Health and Human Services’ Office for Civil Rights has issued guidance for HIPAA-covered
[...]
The National Association of Attorneys General (NAAG) has written to Congress demanding changes be made to
[...]
New HIPAA guidance for health plans has been published by the Department of Health and Human Services’
[...]
It has been another bad month for the U.S. healthcare industry. Rather than April’s record number of
[...]
The Department of Health and Human Services’ Office for Civil Rights has announced a settlement has been
[...]
The Department of Health and Human Services’ Office for Civil Rights (OCR) has issued new advice on HIPAA
[...]
The Department of Health and Human Services (HHS) has made changes to the maximum penalties for HIPAA
[...]
The Centers for Medicare and Medicaid Services (CMS) Division of National Standards has recently announced
[...]
New rules were published by the Department of Health and Human Services’ Office of the National Coordinator
[...]
Washington D.C. Attorney General Karl A. Racine wants to reinforce data breach notification regulations to
[...]
The Dental Board of California revealed in a recent report that some dentists in the state are not giving
[...]
New bills (SB 1270 /HB 1153) have been proposed by Senator Gary Farmer (D-FL) and Representative Bobby DuBose
[...]
The New Jersey Assembly unanimously approved a bill that broadens the types of personal data that call for
[...]
The IRS has launched its 2019 ‘Dirty Dozen’ campaign, which cautions taxpayers about the 12 most commonly
[...]
Nevada Senator Catherine Cortex Masto, (D-NV) recently proposed a bill called the Data Privacy Act, which
[...]
The HHS’ Office of the National Coordinator for Health Information Technology (ONC) and the Centers for
[...]
Wyoming is contemplating repealing the Hospital Records Act of 1991. The act was created to make sure
[...]
The U.S. Food and Drug Administration (FDA) has released guidelines for medical device manufacturers who
[...]
The Federal Policy for the Protection of Human Subjects (45 CFR part 46), also called the Common Rule, has
[...]
The American Medical Informatics Association (AMIA) and the American Health Information Management
[...]
The American Medical Informatics Association (AMIA) is requesting the Health Insurance Portability and
[...]
The HHS has prepared a Request for Information (RFI) to find out how HIPAA Rules are obstructing the sharing
[...]
On October 26, 2017, U.S. President Donald Trump declared that the opioid crisis in the United States was a
[...]
What changes in HIPAA regulations could be expected in 2018? Are there new HIPAA regulations expected to be
[...]
Alex Azar, secretary of the Department of Health and Human Services (HHS) has waived HIPAA sanctions and
[...]
Because of the policy of two out for every new regulation, it is likely that there will be few new HIPAA
[...]
The Health Insurance Portability and Accountability Act (HIPAA) was enacted in August 1996. It was updated in
[...]
In June 2018, the California Consumer Privacy Act (CCPA) was approved by the California legislature. The Act
[...]
Following President Trump’s declaration of a public health emergency in Virginia due to Hurricane
[...]
The Department of Health and Human Services’ Office for Civil Rights has reminded HIPAA-covered entities of
[...]
This page contains a summary of HIPAA violation cases between 2013 and 2017 which led to civil monetary
[...]
The Department of Health and Human Services’ Office for Civil Rights, in the July edition of its
[...]
Alex Azar, Secretary of the Department of Health and Human Services (HHS), explained in an address at The
[...]
A new bill has been proposed in the state of Massachusetts that aims to enhance protections for customers
[...]
Health insurer Aetna conducted a survey about consumers’ attitudes toward healthcare, their associations
[...]
OCR has reminded healthcare organizations of the importance of patch management for HIPAA compliance. Patches
[...]
The American Hospital Association (AHA) has submitted extensive comments about the HHS’ Centers for
[...]
The federal government published on June 19, 2018 the final rule for the Federal Policy for the Protection of
[...]
Patients who think that there has been a violation of HIPAA Rules can send a complaint to the Department of
[...]
A new bill – HB 1128 – has been signed into law by Colorado Governor John Hickenlooper which
[...]
Apple has launched an application programming interface (API) that developers can use to create health apps
[...]
The Department of Health and Human Services’ Office for Civil Rights has issued many financial penalties
[...]
South Carolina Governor Henry McMaster signed into law the South Carolina Insurance Data Security Act on May
[...]
The Government Accountability Office (GAO) recently conducted an audit which showed that patients still face
[...]
OCR published in its April 2018 cybersecurity newsletter the importance of performing a gap analysis. While a
[...]
Most healthcare compliance officers prioritize the compliance of their organizations with the HIPAA Privacy
[...]
The Department of Health and Human Services’ Office of the National Coordinator for Health IT (ONC)
[...]
Verizon’s annual Protected Health Information Breach Report is out. The report revealed the result of
[...]
The Trump Administration has introduced a new rule that requires two regulations to be removed for any new
[...]
Liquid Web is a hosting solution provider that has been in the business for 20 years. Is it a HIPAA compliant
[...]
A Pleasanton, CA-based company has been developing Zoho, a suite of cloud-based tools and applications, since
[...]
Using social media such as Facebook and Twitter can help healthcare organizations in several ways. It helps
[...]
The Colorado data breach notification bill was introduced in January to protect residents against data
[...]
The Massachusetts Attorney General’s office launched a new online data breach reporting tool. The purpose
[...]
Iowa Attorney General introduced a new bill that proposes changes to the Iowa Breach Notification Act. Since
[...]
There are only two U.S. states that do not have data breach legislation for the protection of their state
[...]
A bipartisan group of legislators in Colorado proposed changing its privacy and data breach notification laws
[...]
Congresswoman Cathy McMorris Rodgers (R-Washington) introduced a new bill (H.R 4613) to the U.S. House of
[...]
Healthcare organizations will pay a big amount for noncompliance with HIPAA Rules. Despite the hefty
[...]
OCR is doing its part to deal with the opioid crisis in the United States and fulfill its responsibilities
[...]
The U.S. Department of Health and Human Services issued a partial waiver of HIPAA sanctions and penalties for
[...]
Healthcare organizations need to address the security risks associated with the use of mobile devices and
[...]
Santa Barbara-based Cottage Health has agreed to pay $2 million as a financial penalty for a breach case with
[...]
The New York based not-for-profit community health plan provider Amida Care has reported a HIPAA breach that
[...]
A clinic employee has failed to get his 5-year jail term reduced. The man stole the protected health
[...]
The confusion about HIPAA Rules on sharing patient information on opioid overdoses has been clarified by the
[...]
According to the released results of a recent survey, the practice of sharing EHR passwords is commonplace,
[...]
Deven McGraw, the Deputy Director for Health Information Privacy at the Department of Health and Human
[...]
A limited waiver of HIPAA sanctions and penalties was issued by the Secretary of the U.S. Department of
[...]
Amida Care, the New York not-for-profit community health plan, has announced that it has experienced HIPAA
[...]
The United States Department of Health and Human Services (HHS) proposed a new rule for certification of
[...]
The rule for HIPAA Compliant Telemedicine in call centers is something every company, providing an answering
[...]
A new initiative – that will assist small healthcare providers with HIPAA compliance, cybersecurity and
[...]
In a recent correspondence with the House Ways and Means Health Subcommittee, the American Hospital
[...]
The U.S. Department of Health and Human Services (HHS) has already imposed two partial waivers of HIPAA
[...]
The Department of Health and Human Services’ Office for Civil Rights has introduced a new campaign to
[...]
A public health crisis was declared in some parts of the U.S. Virgin Islands, Florida and Puerto Rico, which
[...]
Hospitals in the states of Louisiana and Texas needed to make sure medical services are provided through the
[...]
The Director of the Department of Health and Human Services’ Office for Civil Rights (OCR), Roger Severino,
[...]
The American Hospital Association (AHA) sent a letter to the House Ways and Means Health Subcommittee and
[...]
During emergency situations for example natural disasters, HIPAA Privacy Rule compliance can be a difficult
[...]
Next generation firewalls, intrusion detection systems, insider threat control solutions as well as data
[...]
Under the HIPAA Breach Notification Rule (45 CFR §§ 164.400-414), covered entities need to notify the
[...]
Protenus, together with Databreaches.net, made its Breach Barometer mid-year report. It discusses all
[...]
In February 2016, the Department of Health and Human Services proposed changes to the Confidentiality of
[...]
Health plan providers and insurers have required Certificates of Creditable Coverage under the Health
[...]