Blog

Last week, insurance industry regulators agreed to take an exceptionally strong position on managing environmental risk issues driven by climate change.

This is the first in a series of posts about the many new compliance obligations contained within the recently signed, recovery Act, formally called the American Recovery and Reinvestment Act. The initial posts will not focus on the expected reforms related to new rules for executive compensation at companies taking government bailout money but instead will highlight lesser known new policy reforms on data protection and privacy, healthcare, taxes, and corporate whistleblowers. Part One looks at how the law expand's HIPAA scope and the the compliance risks associated with breaches of Protected Health Information or PHI. To enhance enforcement, the Act also makes HHS audits of HIPAA-covered companies mandatory and requires investigation of privacy and security rule related complaints. Although we can describe the rough contours of the changes based upon statutory language the HIPAA provisions also will be subject to rulemaking that will determine more exactly how challenging managing the new reforms may be.