Photo of Brent Hoard

Clients rely on Brent’s unique legal and consulting experience to find practical solutions to today’s complex and evolving privacy and data protection issues.

On January 6, the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) published significant proposed amendments (proposed rule) to the Security Rule under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Key drivers for the proposed rule include the dramatic increase in cyberattacks, including ransomware, the rapid adoption of cloud computing, mobile devices, and other technologies, and inconsistent compliance with the existing Security Rule identified by the OCR’s investigations.

On September 4, Texas Attorney General (AG) Ken Paxton filed a lawsuit against the Department of Health and Human Services (HHS) Office for Civil Rights (OCR), challenging two key Health Insurance Portability and Accountability Act (HIPAA) rules — the 2000 Privacy Rule and the newly implemented 2024 Privacy Rule. These rules were enacted to protect the privacy of individuals’ protected health information (PHI) under HIPAA. Texas argues that these rules unlawfully limit state investigators’ ability to access PHI, impeding the enforcement of state laws.