Products Intelligence Pricing Methodology Contact
TRADE & GEOPOLITICAL RISK

HIPAA privacy and security

Trade and geopolitical risk functions handling cross-border health data, employee medical records, or protected health information in M&A due diligence sit squarely inside HIPAA's enforcement perimeter, regardless of their primary industry classification. The U.S. Department of Health and Human Services Office for Civil Rights and the Federal Trade Commission both carry active enforcement authority here, with OCR's 2024 updates to the HIPAA Privacy Rule on reproductive health information adding new documentation obligations that touch compliance workflows well beyond traditional healthcare. Teams are reviewing business associate agreements and data-sharing arrangements now, before the December 2024 compliance date hardens.

Watch

  • OCR's reproductive health data amendment: December 2024 compliance deadline approaching
  • FTC enforcement actions against non-HIPAA-covered entities handling health data
  • Business associate agreement gaps surfacing in cross-border M&A data room reviews
  • State-level health privacy laws diverging from federal HIPAA floor in California, Virginia, Washington

Recent material activity in Trade & Geopolitical Risk

  • Apr 13, 2026 MATERIAL

    OFAC designates 14 entities linked to Russian defense procurement network

    The Treasury Department's Office of Foreign Assets Control added 14 entities and 6 individuals to the Specially Designated Nationals list for their roles in procuring critical technology components for Russia's defense i…

    Read a full sample brief →
  • Apr 10, 2026 MATERIAL

    BIS adds 22 Chinese semiconductor entities to Entity List for advanced chip diversion

    The Bureau of Industry and Security expanded export controls targeting Chinese semiconductor entities found to be diverting advanced computing chips through third-country intermediaries. New license requirements affect i…

    Read a full sample brief →