Privacy and Security

Subscribe to Privacy and Security via RSS

This post is co-authored with Lauren Ludwig, legal intern at Robinson+Cole. Lauren is not admitted to practice law.

The Joint Commission (TJC) and Coalition for Health AI (CHAI) recently published the Guidance on the Responsible Use of Artificial Intelligence in Healthcare (Guidance), which outlines strategies for health care organizations to optimize their integration of health

This post was co-authored with Ivy Miller, legal intern at Robinson+Cole. Ivy is admitted to practice in Massachusetts.

On September 10, 2025, the U.S. Court of Appeals for the Fifth Circuit dismissed an appeal of the federal court ruling vacating key provisions of the HIPAA reproductive health care regulations, which appears to signal the end

This post was co-authored with Ivy Miller, legal intern at Robinson+Cole. Ivy is admitted to practice in Massachusetts.

On June 25, 2025, Connecticut Governor Ned Lamont signed into law Public Act No. 25-97, “An Act Concerning Various Revisions to the Public Health Statutes” (the Act). The Act includes a wide range of provisions affecting

On June 9, 2025, Connecticut Governor Ned Lamont signed into law Public Act No. 25-28, “An Act Concerning Access to Reproductive Health Care” (the Act). The Act codifies under Connecticut state law the ability of minors to access reproductive health care services without the need to obtain parental consent, including services related to pregnancy

The Office for Civil Rights (OCR) announced on April 10, 2025, that it has settled alleged HIPAA Security Rule violations with Northeast Radiology for $350,000.

The investigation followed a breach report by Northeast Radiology to OCR in March 2020 after unauthorized individuals accessed radiology images stored in PAC servers. Northeast Radiology notified 298,532 patients of

This post is co-authored by Seth Orkand, co-chair of Robinson+Cole’s Government Enforcement and White-Collar Defense Team and Paul Palma, law intern at Robinson+Cole. Paul is not admitted to practice law.

On March 14, 2025, as part of a spending bill to avert a federal government shutdown, Congress extended COVID-era telehealth “waivers” applicable to Medicare

The Office for Civil Rights of the Department of Health and Human Services (OCR) was busy negotiating and settling enforcement actions in November and early December. Since October 31, 2024, the OCR has settled five separate cases of alleged HIPAA violations. The settlements include resolution agreements and civil monetary penalties.

One of the settlements and

In a highly anticipated decision on an issue facing courts across the country, the Massachusetts Supreme Judicial Court held in late October that Massachusetts hospitals’ use of online tracking technologies that collect and transmit browsing activities of website visitors does not violate the Massachusetts Wiretap Law. 

The Court determined that online interactions between visitors and

On October 22, 2024, Microsoft issued a threat trend research report entitled “US Healthcare at risk: Strengthening resilience against ransomware attacks.” In it, Microsoft declares that ransomware attacks against the healthcare sector are “emerging as one of the most significant” cybersecurity threats to healthcare organizations. The attack surface of hospitals “grows more complex” with digital