Category Archives: Health Privacy

Connie Update: A Study and Some Additional Changes

On June 24, 2025, Connecticut’s governor signed into law a public health act (the Act) that includes updates to the law governing the statewide health information exchange, commonly known as Connie. While these updates are less substantial than those enacted during the 2024 spring legislative session, they represent meaningful progress on issues that matter to […]

HIPAA’s Reproductive Health Rule is Vacated: A Review of Purl v. HHS

On June 18, 2025, a federal district court in Texas vacated regulations providing protections for reproductive health information as part of the Health Insurance Portability and Accountability Act of 1996 (HIPAA).  The court found that the Department of Health and Human Services (HHS) exceeded its authority and unlawfully limited state law, effectively eliminating the rule […]

Behavioral Health Licensure Compacts in CT: Compliance Implications (Part 2)

As discussed in Part 1 of this series, there are important benefits to licensure compacts, but providers must understand that the benefits come with added compliance responsibilities.  Providers who apply for cross-border licensure through PSYPACT, the Counseling Compact, and the Social Work Compact must comply with the laws and rules of the state where the […]

Behavioral Health Licensure Compacts in CT: Overview (Part 1)

The demand for licensed behavioral health providers continues to outpace supply, leaving many individuals without timely access to care, especially in underserved and rural areas. To help bridge this gap, Connecticut has joined a growing number of states in adopting interstate licensure compacts for psychologists, professional counselors, and, most recently, clinical social workers. These compacts […]

HHS Releases Model Attestation Tied to New Reproductive Health Information Protections

Late last week, the Department of Health and Human Services (HHS) released its Model Attestation for use as required under its new final rule for the protection of reproductive health information.  I explain the attestation requirement in section D of my blog post on the final rule. On June 18, 2024, I shared my sample […]

The Pixel Problem Part 3: Less of a Problem After Court Vacates HHS’s Overbroad Action

In Parts 1 and 2 in this series on the Pixel Problem, I review the original and revised guidance from the Department of Health and Human Services (HHS) on the Use of Tracking Technologies by HIPAA Covered Entities and Business Associates.  I noted that HHS’s guidance, even as revised, went too far in determining what […]

The Final Rule: Protection of Reproductive Health Information under HIPAA

On April 26, 2024, just one year after issuing its proposed rule, the Department of Health and Human Services (HHS) finalized changes to the HIPAA Privacy Rule on the protection of reproductive health information (Final Rule).  In 91 pages of tiny font in the Federal Register, HHS addressed the 25,000 comments it received and ultimately […]

Connie: Important Changes to CT’s Law are Coming!

Within the last week, both chambers of the Connecticut Legislature passed Senate Bill 1, which includes provisions revising the law governing the Statewide Health Information Exchange known as Connie (sections 21-24).  Once the Governor signs the bill, it will take effect on July 1, 2024. In summary, the bill makes clear that healthcare providers are […]

The Pixel Problem Part 2: Tracking Technologies and OCR’s Revised Guidance

In December 2022, the Department of Health and Human Services’ Office for Civil Rights (OCR) released “guidance” on the use of tracking technologies, which took an overboard approach to the use of basic website analytics tools (2022 Guidance).  Courts criticized OCR’s 2022 Guidance, and last fall, the American Hospital Association sued OCR, alleging agency overreach. […]

Part III: Changes to 42 CFR Part 2 –Enforcement Like Never Before

Buckle up.  The 42 CFR Part 2 enforcement ride is about to begin.  In the 2020 CARES Act, Congress directed that the civil and criminal penalties under the Health Insurance Portability and Accountability Act (HIPAA) apply to the federal regulations protecting substance use disorder (SUD) records. The Department of Health and Human Services (HHS) issued […]