Enforcement of the updated 42 CFR Part 2 rule is slated to begin on February 16, 2026. To prepare, covered entities and business associates under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) that create, receive, maintain, or transmit any substance use disorder (SUD) records must familiarize themselves with the requirements of the Part 2 rule and undertake a review of policies and procedures to ensure compliance.
Articles Discussing HIPAA.
HIPAA Notices of Privacy Practices: A February 2026 Deadline Employers Should Not Miss
HIPAA compliance requirements continue to evolve, and recent court decisions have understandably drawn significant attention. Last summer, we examined these developments in our Workplace Privacy Report article, analyzing how a Texas federal district court decision affected the HIPAA Reproductive Health Privacy Rule and why a subsequent Supreme Court decision may change that outcome. The analysis…
Using Patient Photos in Marketing? OCR Settlement Highlights HIPAA Compliance Requirements
Businesses across many industries naturally want to showcase their satisfied customers. Whether it’s a university featuring successful graduates, a
Regulation Adds Privacy Protections for Patient Records on Substance Use Disorders
Entities regulated by the Health Insurance Portability and Accountability Act of 1996 (HIPAA), including employer-sponsored health plans, have until February 16, 2026, to comply with additional privacy protections for patient records related to substance use disorder. A separate permission is required for disclosing information about a person’s substance use disorder.
2024 HIPAA Reproductive Health Privacy Rule Vacated
In 2024, under the Biden Administration, the Department of Health & Human Services (“HHS”) issued the 2024 Reproductive Health Privacy Rule (the “2024 Final Rule”), modifying parts of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”).
How a Texas Federal District Court Changed the HIPAA Reproductive Health Privacy Rule, But SCOTUS Decision May Say Not So Fast
Explained in more detail below, under the recent vacatur of most of the HIPAA Privacy Rule to Support Reproductive Health Care Privacy (the “Reproductive
Compliance Corner: HIPAA Special Enrollment Rights
The Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) was enacted to protect the privacy and security of individuals’ medical information. It sets standards for how healthcare providers, insurers, and other entities handle personal health information (“PHI”), ensuring that such data is kept confidential and secure. Among its various provisions, HIPAA also includes special enrollment rights, which allows individuals to enroll in a health plan outside of the usual open enrollment period if they experience certain qualifying events. So, what exactly are special enrollment rights and when do they apply?
States Move Forward with Privacy Protections to Close HIPAA Gaps for Health, Reproductive Health Info
TakeawaysMultiple state laws are strengthening protections for health data, increasingly going beyond HIPAA, healthcare providers and health plans.Certain categories of health information, such as reproductive health, have greater privacy protections.Organizations cannot look solely to HIPAA when assessing privacy compliance.Related links
2025 Enforcement Trends: Risk Analysis Failures at the Center of HHS’s Multimillion-Dollar HIPAA Penalties
In the first five months of 2025, the U.S. Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) announced it had entered into ten Health Insurance Portability and Accountability Act (HIPAA) resolution agreements reflecting the settlement of alleged HIPAA violations stemming from data breaches reported to OCR.
Changes Proposed by HHS to Strengthen HIPAA Security Rule
On January 6, 2025, the US Department of Health and Human Services Office for Civil Rights (“OCR”) issued a notice of proposed rulemaking (“Proposed Rule”) containing significant updates to the Security Rule under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”).
OCR Proposed Tighter Security Rules for HIPAA Regulated Entities, including Business Associates and Group Health Plans
As the healthcare sector continues to be a top target for cyber criminals, the Office for Civil Rights (OCR) issued proposed updates to the HIPAA Security
Florida Healthcare Provider Faces $1.19M HIPAA Penalty Following Independent Contractor Breach
A healthcare provider delivering pain management services in Florida and other states faces a $1.19 million civil monetary penalty from the U.S.
HIPAA Reproductive Health Care PHI Rules: Compliance Date Approaching
HIPAA Privacy Rules Get a Post-Dobbs Refresh on Reproductive Health Care
Employers will soon see the national debate about abortion popping up in some unexpected places: the HIPAA privacy policies and procedures and notices of privacy practices they use for their health benefit plans.
Federal Regulators Unveil Revised Final Guidance for Healthcare Cybersecurity and HIPAA Compliance
On February 14, 2024, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) and the National Institute of Standards and Technology (NIST) published a new, final version of their guidance for regulated healthcare entities to follow to improve cybersecurity and compliance with the Health Insurance