New HIPAA Privacy Rule Guidance
Client Alert | less than 1 min read | 12.04.02
The Department of Health and Human Services' Office of Civil Rights (OCR) has released a 100+ page guidance document on the HIPAA Privacy Rule. The guidance document discusses a broad array of topics in a Q&A format. OCR is the agency responsible for enforcing the Privacy Rule, so this guidance provides useful insight about the government's approach to some of the Privacy Rule's "hot topics". For example, OCR states that physicians with hospital staff privileges need not enter into business associate contracts with the hospital, because joint physician-hospital activities fall under the definition of "organized health care arrangement".
Insights
Client Alert | 2 min read | 02.03.26
CMS Doubles Down on RADV Audit Changes
On January 27, 2026, the Centers for Medicare and Medicaid Services (CMS) released a Health Plan Management System (HPMS) memo that provided a long-awaited update on how the agency plans to approach previously announced Risk Adjustment Data Validation (RADV) audits for Payment Years (PY) 2020-2024. The memo is the agency’s most comprehensive statement on the subject since September 25, 2025, when the Northern District of Texas vacated the 2023 RADV Final Rule. The memo makes clear that, while CMS has made certain operational adjustments in response to concerns expressed by Medicare Advantage Organizations (MAOs), the agency is largely pressing forward with the accelerated audit strategy announced in May 2025.
Client Alert | 2 min read | 02.03.26
Sedona Model Jury Instructions for DTSA: A Step Forward—But Questions Remain
Client Alert | 7 min read | 01.30.26
CMS Proposes CY 2027 Growth Rate and Changes to Risk Adjustment for Medicare Parts C and D
Client Alert | 4 min read | 01.30.26
Optimum’s Shot Across the Bow: An Antitrust Challenge to Cooperation Agreements
