Time is Up! OCR Complaint Intake & Breach Reporting Go Live for 42 CFR Part 2

Time is Up! OCR Complaint Intake & Breach Reporting Go Live for 42 CFR Part 2

by | Feb 16, 2026 | ,

Time is up, and the enforcement infrastructure is now live. OCR’s complaint portal is open to 42 CFR Part 2, and Part 2 breach reporting is no longer a future workflow. A live portal changes behavior: it lowers the friction to file, increases complaint volume, and accelerates how quickly organizations receive the familiar “we have received a complaint, please explain” letter. If you are a Part 2 program, a QSO, or a lawful holder (including many HIPAA covered entities and business associates), this is the moment Part 2 stops being a policy project and becomes immediate operational exposure.

read more
Bookmark This! Copies of All 42 CFR Part 2 Rules Published from 1974 to 2024

Bookmark This! Copies of All 42 CFR Part 2 Rules Published from 1974 to 2024

by | Sep 3, 2025 | , , ,

Ever burned valuable time chasing down what feels like endless versions of 42 CFR Part 2? No more! Bookmark this for your one-stop place to go for copies of every single Notice of Proposed Rulemaking (NPRM) and Final Rule for 42 CFR Part 2, starting with the very first proposal in 1974! Whether you’re a compliance officer, privacy lawyer, or just a regs nerd who loves immediate access to the rules you need, this list has you covered. Bookmark it, share it, and breathe easy knowing you’ll never again waste hours digging through archives. You’re welcome. 😉

read more
Beware! New Breach Reporting Obligations Under 42 CFR Part 2 — Even When HIPAA Wouldn’t Require It

Beware! New Breach Reporting Obligations Under 42 CFR Part 2 — Even When HIPAA Wouldn’t Require It

by | Aug 28, 2025 | , ,

Until now, Part 2 programs had no duty to report breaches under Part 2—even if disclosures clearly violated the rule. That “free pass” ends in February 2026, when HIPAA’s breach reporting framework will officially be grafted onto Part 2. What does this mean for programs? A new world of reporting obligations, OCR enforcement, and tougher compliance decisions.

read more
Join Us June 11th for a Free Q&A Panel on 42 CFR Part 2!

Join Us June 11th for a Free Q&A Panel on 42 CFR Part 2!

by | Apr 4, 2025 | , ,

Join us for a 1-hour Q&A session addressing some of the most pressing questions that Part 2 Providers and HIE/HINs are asking about the Final Rule for 42 CFR Part 2. The session will cover: Compliance obligations & enforcement risks for Part 2 Providers, QSOs,& “Lawful Holders”; the NEW Part 2 “TPO Consent” and its application in an HIE-networked environment; sharing Part 2 information for Public Health & Scientific Research; QSO language; sharing Part 2 Information through HIE/HINs, and much more!

read more
Battle of the Bots Continues…Fourth Circuit Affirms Preliminary Injunction Against PointClickCare

Battle of the Bots Continues…Fourth Circuit Affirms Preliminary Injunction Against PointClickCare

by | Mar 25, 2025 | , ,

Continuing the saga of Real Time and PointClickCare in the battle of the bots, the U.S. 4th Circuit recently affirmed a preliminary injunction granted in favor of Real Time against PointClickCare, finding, among other things, that PointClickCare was unable to meet a burden of proof that it met its claimed Exceptions to Information Blocking. Therefore, documentation will be critical for actors who may find themselves having to defend similar claims.

read more
NOW LIVE! The Updated 42 C.F.R. Part 2 Helper is Available!

NOW LIVE! The Updated 42 C.F.R. Part 2 Helper is Available!

by | Mar 2, 2025 | , , ,

The wait is finally over!! Our brand-new, UPDATED 42 C.F.R. Part 2 Helper compliance package is now live for current members of Legal HIE. Loaded with carefully crafted checklists, tools, sample forms, policies, and training resources, all updated for the Part 2 Final Rule, it’s just what the doctor ordered for every organization to stay miles ahead of the February 16, 2026 compliance deadline! Read our new blog post for more information about what’s included with our Part 2 Helper and to get access to a sample checklist to update your Part 2 consents!

read more
Tick Tock: The 42 CFR Part 2 Compliance Clock is Counting Down!

Tick Tock: The 42 CFR Part 2 Compliance Clock is Counting Down!

by | Feb 16, 2025 | , ,

One year. That’s all the time left before the February 16, 2026 compliance deadline for the 42 CFR Part 2 Final Rule officially arrives. If you haven’t started preparing yet, now is the perfect time to get things in motion. One of the most challenging aspects of Part 2 implementation is the new consent structure. While the new consent for treatment, payment, and health care operations (“TPO consent”) introduces opportunities for improved data sharing and alignment with HIPAA, it is also complex and requires careful implementation. To help navigate these changes, today’s post offers readers a checklist of the key elements required in Part 2 consents.

read more
The Winding Road of Changes to 42 CFR Part 2

The Winding Road of Changes to 42 CFR Part 2

by | Feb 1, 2025 |

Over the years, 42 CFR Part 2 has traveled a winding road of amendments and updates—beginning with the 2016 Proposed Rule and continuing through a series of updates, each one modernizing how Part 2 information is shared while preserving essential privacy safeguards. Today’s post offers a chronological list of these rulemakings, each with its own executive summary.

read more
A Look Ahead to 2021

A Look Ahead to 2021

by | Jan 18, 2021 | , , ,

The new year has much in store for electronic health information exchange compliance!  Today’s post provides an overview of anticipated changes to the health information regulatory landscape in 2021, including increased interoperability efforts and telehealth expansion due to the coronavirus pandemic. It is not surprising that many of the topics discussed below are a direct result of the interoperability requirements created by the 21st Century Cures Act (“Cures Act”) enacted in December 2016.

read more
Our Stockings are Stuffed with Compliance Tools

Our Stockings are Stuffed with Compliance Tools

by | Dec 23, 2020 | , , , ,

Seasons Greetings to all of our readers!  First, we want to wish you and yours a holiday season filled with health, happiness and hope!  We also want to thank you all for continuing to make Legal HIE such a popular and highly visited blog!  It puts a smile on our face seeing so many of you enjoying our posts and returning to our site often!  

As stockings are being hung by chimneys with care, we want to make sure you know that Legal HIE’s stockings are absolutely stuffed to the brim with tremendous tools, sample forms, polices and turn-key solutions that can help your organization stay on top of the most pressing compliance challenges, and ever-changing healthcare regulatory landscape. 2021 promises to be a year with many new and final regulations going into effect, and being released. The Legal HIE compliance library was created specifically for this purpose – to help busy and overwhelmed compliance officers and attorneys keep up with these changes by offering turn-key samples and solutions as a solid starting point.

read more
Big Changes to Big Breaches of Data and Notification Requirements Coming Soon!

Big Changes to Big Breaches of Data and Notification Requirements Coming Soon!

by | Aug 21, 2020 | , ,

Yesterday, the period for public comment on the FTC’s Health Breach Notification Rule closed.  The FTC’s Health Breach Notification Rule requires vendors of PHRs and PHR-related entities to notify the FTC if they experience a breach of security involving unsecured health information. Another area of change to Breach Notification is arising out of the CARES Act which was was enacted into law on March 27, 2020 and is making significant changes 42 C.F.R. Part 2.  Among other changes that the CARES Act is introducing, it creates an entirely new obligation on Part 2 providers to notify SAMHSA of uses and disclosures of Part 2 data in any manner not authorized under Part 2!  To date, 42 CFR Part 2 did NOT include an independent obligation to report or notify any agency (i.e., SAMHSA or HHS) of any use or disclosure of Part 2 information which was in violation of 42 CFR  Part 2.

read more
Changes on the Horizon for Part 2 Confidentiality Regulations

Changes on the Horizon for Part 2 Confidentiality Regulations

by | May 22, 2020 | , , ,

As part of its comprehensive COVID-19 response, Congress quietly passed through changes to the federal drug and alcohol confidentiality framework known as “Part 2” under the CARES Act, enacted on March 27.   One of the more underreported components of the CARES Act, the changes do not completely overhaul the Part 2 regulations, however, they relax several restrictions that health care providers have struggled with, particularly in the electronic exchange and electronic health records (“EHR”) context (the “CARES Act Changes”).

read more

Archives