Search

Deer Oaks HIPAA Resolution Agreement and Corrective Action Plan

The US Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has entered into a Resolution Agreement and Corrective Action Plan with Deer Oaks, a covered entity under HIPAA. The agreement resolves allegations of impermissible disclosure of protected health information (PHI) and a subsequent data breach, requiring Deer Oaks to pay a resolution amount and implement corrective actions.

HHS Settles HIPAA Breach Case with BST CPAs for $175,000

The U.S. Department of Health and Human Services (HHS) has settled a HIPAA breach case with BST & Co. CPAs, LLP for $175,000. The settlement resolves allegations that BST failed to conduct a risk analysis following a ransomware attack that impacted the protected health information of 170,000 individuals.

Comstar, LLC HIPAA Resolution Agreement and Corrective Action Plan

The US Department of Health and Human Services (HHS) has entered into a resolution agreement with Comstar, LLC, a business associate under HIPAA. Comstar will pay $75,000 and comply with a corrective action plan to resolve alleged violations of HIPAA's Privacy, Security, and Breach Notification Rules following a ransomware attack affecting 585,621 individuals.

MMG Fusion Settles HIPAA Violations for $10,000

The US Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has reached a resolution agreement with MMG Fusion, LLC, a business associate handling protected health information (PHI). MMG Fusion will pay $10,000 to settle alleged violations of HIPAA's Privacy, Security, and Breach Notification Rules following a data breach that exposed patient information.

HHS - Syracuse ASC Pays $250,000 for HIPAA Violations

The U.S. Department of Health and Human Services (HHS) has reached a resolution agreement with Syracuse ASC, L.L.C. for violations of HIPAA Rules. Syracuse ASC will pay $250,000 and comply with a Corrective Action Plan to address failures in risk analysis and timely breach notifications.

Maine Privacy Bill Advances, Oregon AI Chatbot Bill Clears Legislature

Maine's legislature has advanced a comprehensive privacy bill, the Maine Online Data Privacy Act, through both chambers. Oregon's Senate Bill 1546, an AI chatbot safety bill, has also cleared its state legislature and is heading to the governor. Both bills represent significant state-level regulatory developments.

EU AI Act Omnibus: New Compliance Deadlines and Deepfake Ban

Members of the European Parliament have reached a preliminary agreement on amendments to the EU AI Act, including extended compliance deadlines for high-risk systems and a ban on non-consensual deepfakes. The agreement aims to provide legal certainty and allow more time for technical standards and guidance development.

AI Training Compliance Guidance Post-SRB Ruling

This guidance analyzes the impact of the EU Court of Justice's Single Resolution Board ruling on AI training compliance for engineers. It outlines two pathways for compliance, emphasizing engineering choices in defining identifiability and data protection.

US House Committee Advances KIDS Act and Other Online Safety Bills

The U.S. House Committee on Energy and Commerce advanced the KIDS Act, Sammy's Law, and the App Store Accountability Act to a full House vote. These bills aim to enhance children's online safety by addressing issues like dangerous content, age verification, and app store policies.

South Korea Overhauls PIPA with 10% Turnover Fines and CEO Accountability

South Korea has significantly amended its Personal Information Protection Act (PIPA), introducing fines up to 10% of total turnover and assigning direct supervisory liability to CEOs. These changes, effective September 11, 2026, aim to strengthen deterrence and promote proactive data protection investment.