Privacy

Subscribe to Privacy via RSS
john-schnobrich-FlPc9_VocJ4-unsplash (4)

Seyfarth Synopsis: The Department of Health and Human Services has delegated enforcement authority to the Office of Civil Rights for 42 CFR Part 2, which protects the confidentiality of substance use disorder records. Covered entities must update their HIPAA documents to reflect these changes by February 16, 2026.

On August 25, 2025, the U.S. Department of Health and Human Services (HHS) Office of the Secretary authorized the Director of the Office for Civil Rights (OCR) to enforce the “Confidentiality of Substance Use Disorder (SUD) Patient Records” regulations found at 42 CFR Part 2, including the right to impose civil penalties, issue subpoenas and take corrective actions for noncompliance. These rules, finalized in February 2024, aim to protect the privacy of patients’ SUD treatment records, and require updates to HIPAA Privacy Policies and Notices of Privacy Practices.Continue Reading Enforcement of Substance Use Disorder Records

Social hacking image
FlyD, Unsplash

On September 6, 2024, the U.S. Department of Labor (DOL) issued Compliance Assistance Release No. 2024-01, titled “Cybersecurity Guidance Update.” The updated guidance clarifies that the DOL cybersecurity guidance applies to all ERISA-covered plans, and not just retirement plans, but also health and welfare plans. Also, as a direct response to service providers’

kaffeebart-KrPulSdUetk-unsplash

This post was originally published to Seyfarth’s Global Privacy Watch blog.

Seyfarth Synopsis: This past Monday, the Office for Civil Rights (OCR) at the Department of Health and Human Services (HHS) issued its final rule aimed at strengthening the HIPAA Privacy rules as they are applied to reproductive health data.

On the heels of the release of the 2022 US Supreme Court decision in Dobbs v. Jackson Women’s Health Organization, the Biden Administration directed the Federal agencies to examine what they could do to protect women’s health and privacy. Shortly thereafter, HHS released guidance under HIPAA related to reproductive health care services under a health plan, focusing on information required to be disclosed by law, for law enforcement purposes, and to avert a serious threat to health or safety (see our earlier Alert here). Then, in April 2023, HHS issued proposed modifications to the HIPAA Privacy Rule aimed at these concerns. A year later, the agency finalized those rules on April 22, 2024 – the Final Rule.Continue Reading HHS Strengthens HIPAA Rules to Protect Reproductive Health Privacy