By February 16, 2026, HIPAA covered entities receiving substance use disorder (SUD) records from a Part 2 program must revise their Notice of Privacy Practices to comply with a 2024 HHS Final Rule.
Kentucky and Indiana implemented new consumer data privacy laws, the KCDPA and ICDPA, effective January 1, 2026. Both laws impose requirements on businesses handling personal data and grant rights to consumers. Compliance is essential to avoid penalties, and businesses should review the guidance from the respective state Attorney Generals ...
Kentucky's Consumer Data Protection Act (KCDPA), effective January 1, 2026, grants consumers rights over their personal data and mandates compliance for businesses handling such data. Controllers must implement privacy practices, limit data collection, and provide clear privacy notices. Violations may result in enforcement by the Attorney ...
The U.S. Department of Health and Human Services (HHS) announced that it will intensify efforts to enforce information blocking rules established under the 21st Century Cures Act of 2016. The rules, which became effective on April 21, 2021, are aimed at ensuring patients have access to all their electronic health records. The penalties and ...
The December 23, 2024 deadline is fast approaching for HIPAA-covered entities to revise their policies and procedures regarding reproductive health. The Office for Civil Rights (OCR) issued a Final Rule that restricts the disclosure of protected health information (PHI) related to lawful reproductive health care, requiring policy amendments ...
On October 16, 2024, the U.S. and International cyber security agencies issued a Joint Cybersecurity Advisory warning of Iranian cyber actors’ brute force and credential access activities that have compromised critical infrastructure organizations. The Advisory provides details on these activities along with mitigation and detection ...
The U.S. Department of Health and Human Services published a final rule establishing penalties for health care providers engaging in information blocking. This rule aims to ensure access to electronic health information and applies disincentives to hospitals, clinicians, and accountable care organizations engaging in information blocking ...
Vendors of personal health records will face new rules for data breach notifications, as clarified by the Federal Trade Commission's Final Rule. The amendments address the increased use of health-related technology and emphasize the importance of notifying individuals and the FTC in case of a breach. The rule expands on definitions, breach ...
On April 4, 2024, Kentucky became the 15th state to enact a comprehensive consumer data privacy law. The Kentucky Consumer Data Protection Act (“KCDPA”) will become effective on January 1, 2026. The KCDPA creates rights for Kentucky consumers and imposes requirements on certain businesses that collect consumer data ...
The U.S. Department of Health and Human Services announced a Final Rule called HIPAA Privacy Rule to Support Reproductive Health Care Privacy, prohibiting the disclosure of protected health information (PHI) related to lawful reproductive health care in certain circumstances. The rule also affects the confidentiality of substance use disorder ...