Compliance

This post is part of our The Top 2025 Privacy and Security Issues Still Shaping Healthcare series, in which our team of attorneys provides essential strategies and insights for healthcare privacy and security.

HHS Ramps Up Enforcement Against Information Blocking

2025 marks a significant turning point in federal enforcement against “information blocking” in healthcare. In a series of announcements this September, the U.S. Department of Health and Human Services (“HHS”) signaled a major crackdown on healthcare entities—especially health IT developers, health information networks, and certain providers—that restrict patient access to their electronic health information (“EHI”).

Under the direction of Secretary Robert F. Kennedy, Jr., HHS has dedicated increased resources and issued clear warnings that enforcement of information blocking rules is now a top priority. This includes the threat of substantial civil monetary penalties (“CMPs”)—up to $1 million per violation—for certain actors, as well as program-specific disincentives for providers who participate in Medicare and other federal programs. 

AdobeStock_1539387488

On May 9, 2024, the Department of Health and Human Services (“HHS”) published a Final Rule (“the Rule”) updating Section 504 of the Rehabilitation Act of 1973 (“Section 504”) regulations. As part of the Rule, every facility, program, or activity with 15 or more employees and receiving HHS funding will need to comply with new digital accessibility guidelines by May 11, 2026. Those with fewer than 15 employees will need to comply by May 10, 2027.

dataLocks148650499

This post is part of our The Top 2025 Privacy and Security Issues Still Shaping Healthcare series, in which our team of attorneys provides essential strategies and insights for healthcare privacy and security.

The healthcare sector continues to grapple with an unrelenting wave of cyberattacks, with a notable shift in 2024 and 2025 toward targeting third-party vendors and business associates entrusted with sensitive protected health information (“PHI”). This trend has led to a surge in data breaches, affecting tens of millions of Americans and prompted heightened regulatory scrutiny over how healthcare providers manage and oversee their vendor relationships. 

This post is part of our The Top 2025 Privacy and Security Issues Still Shaping Healthcare series, in which our team of attorneys provides essential strategies and insights for healthcare privacy and security.

Innovations in artificial intelligence (AI), including advances in generative AI (GenAI) and machine learning, provide new opportunities for healthcare providers, promising improved efficiency in areas such as medical record keeping and billing, as well as advances in clinical decision-making, diagnosis, and treatment. 

Blog SeriesConference Post (1)

This is the first in a series of articles designed to provide SXSW and LSI USA ’26 attendees and other MedTech professionals with practical considerations for efficiently executing mission-critical life science deals.

A new law, the Consolidated Appropriations Act, went into effect on February 3, 2026, issuing new Medicare reimbursement guidelines for off-campus provider-based hospital outpatient departments (HOPDs). As of January 1, 2028, hospitals will be required to make certain operational changes to maintain OPPS reimbursement eligibility for their off-campus provider-based locations. These include such measures as

Electronic medical record with patient data and health care information in tablet. Doctor using digital smart device to read report online. Modern technology in hospital.

This post is part of our The Top 2025 Privacy and Security Issues Still Shaping Healthcare series, in which our team of attorneys provides essential strategies and insights for healthcare privacy and security.

The Health Insurance Portability and Accountability Act (HIPAA) has long been the cornerstone of patient privacy and data protection. Among its most patient-centric provisions is the Right of Access rule, which guarantees individuals timely access to their medical records. This right is not just a regulatory requirement—it’s a fundamental principle of patient empowerment, enabling individuals to make informed decisions about their health.

Healthcare_148231933-300x268.jpg

This post is part of our The Top 2025 Privacy and Security Issues Still Shaping Healthcare series, in which our team of attorneys provides essential strategies and insights for healthcare privacy and security.

In 2025, eight new U.S. state privacy laws took effect and several states tightened existing regulations, significantly impacting healthcare organizations. Major changes

Doctor writing survey, insurance and claim form for medical paperwork, document and script for patient records, test result and research in a hospital. Physician hands signing and planning healthcare

This post is part of our The Top 2025 Privacy and Security Issues Still Shaping Healthcare series, in which our team of attorneys provides essential strategies and insights for healthcare privacy and security.

Reproductive health privacy rule vacated.

On June 18, 2025, the U.S. District Court for the Northern District of Texas vacated the HIPAA Privacy Rule to Support Reproductive Health Care Privacy Final Rule (Privacy Rule). As a result, the additional privacy protections that had been granted to reproductive healthcare information through President Biden’s Executive Order 14076, (“Protecting Access to Reproductive Health Care Services”), are no longer enforceable or required.

The Colorado General Assembly is back in session and has introduced legislation (SB26-041) that, if enacted, would create new notification requirements and antitrust review processes for healthcare transactions. While Colorado already requires state-level notification of transactions that trigger federal notifications under the Hart-Scott-Rodino Act and notification of certain hospital transactions under the Hospital Transfer Act (“HTA”) of 2023, the proposed bill would create new notification requirements for a broader set of healthcare transactions, and would authorize the Colorado attorney general (“COAG”) to block or delay closing of transactions. The proposed bill also expands the scope of hospital transactions that must be reported under the HTA.