Products Intelligence Pricing Methodology Contact
TECHNOLOGY, AI & COMPETITION

HIPAA privacy and security

For Technology, AI, and Competition sector companies, HIPAA privacy and security obligations are no longer limited to traditional healthcare adjacency. The U.S. Department of Health and Human Services Office for Civil Rights and the U.S. Federal Trade Commission have both expanded enforcement posture toward tech firms handling health-adjacent data, with OCR's 2024 updated guidance on tracking technologies directly implicating analytics platforms, ad-tech stacks, and AI inference pipelines that touch protected health information. Compliance teams are currently auditing pixel and SDK deployments against that guidance before exposure surfaces in the next round of OCR resolution agreements.

Watch

  • OCR's December 2024 tracking technology guidance: does your analytics stack qualify as a business associate?
  • FTC enforcement under Section 5 for deceptive health data practices in consumer-facing AI products
  • HIPAA Security Rule NPRM (proposed 2024): updated technical safeguard requirements for electronic PHI
  • State AG coordination with OCR on health data breaches involving third-party AI vendors
  • Right-of-access enforcement: OCR settlement pattern targeting patient portal delays at covered entities

Recent material activity in Technology, AI & Competition

  • Apr 11, 2026 MATERIAL

    NIST releases updated AI Risk Management Framework companion guide for critical infrastructure

    NIST published AI RMF 1.1 companion guidance specifically addressing AI deployment in critical infrastructure sectors including energy, financial services, and healthcare. The guide introduces mandatory risk assessment c…

    Read a full sample brief →