HIPAA Security Rule Update Postponed: More Time Given to Implement Major HIPAA Security Rule Changes
There has been some good news for the HIPAA-regulated entities that feel unprepared for the proposed changes to the HIPAA Security Rule. The Department of Health and Human Services (HHS) had proposed a May 2026 release date for a final rule implementing the proposed changes to the HIPAA Security Rule; however, the U.S. Office of Management and Budget (OMB) website has been updated, showing the final rule has been pushed back a year, with the final action due in July 2027. Why HIPAA Security Rule Changes Have Been Proposed The HHS’ Office for Civil Rights (OCR), under the Biden administration, issued a Notice of Proposed Rulemaking (NPRM) to strengthen the HIPAA Security Rule in December 2024, and published the proposed rule in the Federal Register on January 6, 2025. The original HIPAA Security Rule was enacted more than two decades ago in 2003 and was updated by the HIPAA Omnibus Final Rule in 2013, but there have been no substantial changes to the Security Rule in the past 13 years. Today, almost all aspects of healthcare rely on computer and network technologies, and...
Memorial Healthcare Services Settles Pixel Litigation
Memorial Healthcare Services, a nonprofit healthcare provider serving patients in Southern California, has agreed to settle a class action lawsuit over its use of pixels and other tracking, web analytics, and advertising technologies on its website. The tools are alleged to have been added to the website without the knowledge or consent of patients, causing website users’ personally identifiable information (PII) to be collected and transferred to third parties. The disclosures of PII and health information without consent are alleged to have violated the California Invasion of Privacy Act. Memorial Healthcare Services maintains that there was no wrongdoing. The lawsuit – Valladolid v. Memorial Health Services – was filed by plaintiff Michelle Valladolid in the Superior Court of California, County of Los Angeles, individually and on behalf of similarly situated individuals. After considering the likely cost of continuing with the litigation and risks associated with a trial and related appeals, the defendant and plaintiff agreed to settle the litigation. The parties were...
Data Security Incidents Announced by Park Dental Research Corp; Wabi Sabi Behavioral Health Center
Employee data has been compromised in data security incidents at Park Dental Research Corporation in Oklahoma and Wabi Sabi Behavioral Health Center in Nebraska. Park Dental Research Corporation Park Dental Research Corporation, an Ardmore, OK-based dental implant company, has notified individuals about a security incident it experienced on or around April 29, 2026. The investigation confirmed that an unauthorized third party had access to systems containing information such as names, dates of birth, addresses, Social Security numbers, driver’s license numbers, bank account information, passports, and I-9 forms. There has been no known misuse of the affected information; however, as a precaution against data misuse, the affected individuals have been offered complimentary credit monitoring and identity theft protection services, which include a $1,000,000 identity theft insurance policy. Notification letters were mailed to the affected individuals on June 24, 2026. While ransomware was not mentioned in the notification letters, a ransomware group called Interlock took...
Free Webinar: AI + HIPAA: Innovating in Healthcare Without Leaving Compliance Behind
Artificial intelligence has tremendous potential in healthcare, and healthcare organizations have embraced AI tools in all areas of their operation; however, there are compliance risks associated with AI when tools engage with health information protected under the Health Insurance Portability and Accountability Act (HIPAA). Incorporating AI tools while complying with all HIPAA Privacy and Security Rule implementation specifications can be challenging, especially when there is limited guidance on how HIPAA applies to AI. Fortunately, help is at hand. On July 8, 2026, the HIPAA-compliant communication platform provider Paubox is hosting a webinar where healthcare organizations can learn from a diverse panel of experts about AI-related HIPAA compliance challenges and receive invaluable advice on how to keep innovating without leaving HIPAA compliance behind. During the webinar, attendees will learn about how real-world healthcare teams are developing and implementing AI tools and the challenges they have faced, the specific questions you need to be asking any AI vendor before you...
Calibrated Healthcare Settles Class Action Data Breach Lawsuit
Calibrated Healthcare Systems, LLC, and Calibrated Healthcare, LLC, have agreed to settle a class action lawsuit stemming from a February 2024 security incident that exposed patient information. Calibrated Healthcare identified a security incident on February 26, 2024, and its investigation determined that there had been unauthorized access to its network between February 25, 2024, and February 26, 2024. While data theft was not confirmed, Calibrated Healthcare said data theft was likely. Data compromised in the incident included names, dates of birth, medical diagnosis/treatment information, and health insurance information. The data breach was reported to the HHS’ Office for Civil Rights (OCR) as involving the protected health information of 6,890 individuals, and the affected individuals were notified on or around August 2, 2024. Two putative class action lawsuits were filed in response to the data breach: Adams v. Calibrated Healthcare Systems, LLC, et al and Holden v. Calibrated Healthcare, LLC, which were consolidated in the District Court for the Central District of...



