Articles and Blogs

Effective September 1, 2025, Texas Senate Bill No. 1188 (“SB 1188”) imposes new legal obligations on health care practitioners and other covered entities regarding the privacy, security and management of electronic health records (“EHRs”) and the use of artificial intelligence (“AI”). Key provisions of the law include: A requirement that EHRs be maintained in... READ MORE

On June 24, 2024, the Department of Health and Human Services (“HHS”) released a final rule implementing disincentives for health care providers who are found by the Office of Inspector General (“OIG”) to have engaged in information blocking practices as defined under the 21st Century Cures Act. This rule establishes a framework for the... READ MORE

On Thursday, June 20, 2024, the United States District Court for the Northern District of Texas (“the Court”) issued a ruling in a case that could have significant implications for enforcement of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). The case, which was brought by the American Hospital Association (“AHA”), the... READ MORE

On March 18, 2024, the Office for Civil Rights (“OCR”) issued an update to its December 2022 Bulletin regarding the usage of online tracking technologies by HIPAA-regulated entities. When originally published, the Bulletin aimed to clarify when identifiable information collected by tracking technologies on a regulated entity’s website may constitute protected health information (“PHI”)... READ MORE

The cybersecurity incident recently experienced by Change Healthcare has materially disrupted the health care delivery system and created significant financial, operational and legal challenges for many health care organizations. Organizations impacted by this incident should be careful to react thoughtfully and deliberately when addressing these challenges to ensure that any steps taken do not... READ MORE

On February 8, 2024, the U.S. Department of Health and Human Services (“HHS”) Office for Civil Rights and the Substance Abuse and Mental Health Services Administration (“SAMHSA”) issued a Final Rule that modified the “Confidentiality of Substance Use Disorder Patient Records” regulated by 42 CFR Part 2 (“Part 2”). The Final Rule was published... READ MORE

On October 10, 2023, Citrix released security updates for its NetScaler ADC and NetScaler Gateway appliances to remedy a vulnerability dubbed “Citrix Bleed” under CVE-2023-4966. As of October 17, Citrix and the Cybersecurity and Infrastructure Security Agency confirmed that active exploits by threat actors had been observed on unpatched systems. Additionally, cybersecurity firm Mandiant... READ MORE

The U.S. Department of Health and Human Services (“HHS”) Office of Civil Rights (“OCR”) recently released updated guidance in its October 2023 Cybersecurity Newsletter emphasizing the importance of sanction policies in maintaining HIPAA compliance. This guidance builds upon a threat brief previously issued in August 2022 by HHS’ Health Sector Cybersecurity Coordination Center (“HC3”).... READ MORE

On December 7, 2022, the Federal Trade Commission (“FTC”) in conjunction with the U.S. Department of Health & Human Services (“HHS”) updated the Mobile Health App Interactive Tool (the “Tool”) to include new questions and new use cases. The Tool is a result of collaborative efforts between the FTC, HHS Office for Civil Rights... READ MORE

On December 2, 2022, the Department of Health and Human Services (“HHS”) Substance Abuse and Mental Health Services Administration (“SAMHSA”) released a proposed rule modifying the Confidentiality of Substance Use Disorder Patient Records regulations at 42 CFR Part 2 (“Part 2”). The goal of the proposed rule is to implement changes necessary to conform... READ MORE