Healthcare Business Today Article by Meghan O’Connor, Sarah Erdmann Summarizes New Health Plan Privacy Requirements
In an article for Healthcare Business Today, Quarles & Brady partners Meghan O’Connor and Sarah Erdmann addressed recent changes affecting the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Notices of Privacy Practices (NPP), and what health plans and health insurers need to do to ensure compliance.
O’Connor and Erdmann, members of the firm’s Health and Life Sciences and Data Asset Management, Privacy & Cybersecurity practice groups, explain why this is happening, and what both health plan sponsors and payers need to do to minimize risk of violations.
An excerpt:
If you have ever missed an exit and heard your GPS calmly announce “recalculating,” you know the feeling. No judgment—just a firm reminder that it is time to adjust course.
Health plans and health insurers are having a similar moment. February 16, 2026 was not just another regulatory waypoint—it marked the compliance deadline for significant changes affecting the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Notices of Privacy Practices (NPP), driven by amendments aligning HIPAA more closely with 42 C.F.R. Part 2, the federal confidentiality regulations for substance use disorder (SUD) records.
If your plan has not recalibrated yet, now is the time to check your settings.
…
For health plans, the Part 2 amendments are less about reinventing compliance programs and more about tightening execution. Updated NPPs are the visible tip of the compliance iceberg—but vendor governance, operational discipline, updated general website privacy policies, and internal alignment are what keep you from hitting a regulatory pothole.