Seyfarth Synopsis: The Department of Health and Human Services has delegated enforcement authority to the Office for Civil Rights for 42 CFR Part 2, which protects the confidentiality of substance use disorder records. Covered entities must update their HIPAA documents to reflect these changes by February 16, 2026.

On August 25, 2025, the U.S. Department of Health and Human Services (HHS) Office of the Secretary authorized the Director of the Office for Civil Rights (OCR) to enforce the “Confidentiality of Substance Use Disorder (SUD) Patient Records” regulations found at 42 CFR Part 2, including the right to impose civil penalties, issue subpoenas and take corrective actions for noncompliance. These rules, finalized in February 2024, aim to protect the privacy of patients’ SUD treatment records, and require updates to HIPAA Privacy Policies and Notices of Privacy Practices.

Seyfarth Synopsis: In the wake of a recent federal District Court decision, the reproductive health care HIPAA Privacy rules finalized during the Biden Administration have been vacated and plan sponsors should re-evaluate the language included in their HIPAA compliance documents.

In a somewhat unsurprising turn of events, a Texas District Court vacated the HIPAA

This post was originally published to Seyfarth’s Global Privacy Watch Blog.

As organizations begin renewing and entering into new contractual relationships for 2024, an oft-forgotten aspect of the contracting process is determining whether a Business Associate Agreement (a “BAA”) is required. Under HIPAA, health care providers, health plans and health care clearinghouses (“Covered Entities”)

On this episode of Coffee Talk With Benefits, Richard and Sarah venture out of the office as part of an Employee Benefits retreat and engage in brief discussions with their colleagues, Diane Dygert, Caroline Pieper, Alisha Sullivan, Ben Conley, Jen Kraft, Sam Schwartz-Fenwick, and Ada Dolph covering a range

By this point, most people in the employee benefits space have heard about the MOVEit and Retirement Clearing House (RCH) cyber incidents, which could directly impact employers’ benefit plans. The MOVEit file transfer application is used by a number of vendors, including those that locate missing plan participants or find information regarding deceased plan participants

Thursday, October 8, 2020
3:00 p.m. to 4:00 p.m. Eastern
2:00 p.m. to 3:00 p.m. Central
1:00 p.m. to 2:00 p.m. Mountain
12:00 p.m. to 1:00 p.m. Pacific

COVID-19 has changed the landscape of retirement readiness for many employees. Employees have been furloughed or lost jobs and plan account balances have been negatively

By: Mark Casciari and Joy Sellstrom

Seyfarth Synopsis: HIPAA provides no federal cause of action, but alleged HIPAA violations may be remedied in state court under state negligence law.

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal statute providing for confidentiality of medical records under certain circumstances. It is administered