What health care and life sciences organizations need to know:

• "Bulk" Has a New Definition: The volume thresholds under the U.S. Department of Justice's (DOJ's) Bulk Sensitive Data (BSD) Transfer Rule are surprisingly low—sharing genomic data on just 100 people can trigger compliance requirements, catching many organizations off guard.
• HIPAA Compliance Is Not Enough: The BSD Transfer Rule creates an entirely new compliance layer that goes beyond existing privacy frameworks, such as the Health Insurance Portability and Accountability Act (HIPAA), applying even when data has been de-identified or anonymized.
• It's About Access, Not Just Transfers: Simply giving a foreign vendor, board member, or investor the ability to view sensitive data can trigger the BSD Transfer Rule—no formal data-sharing agreement is required.

In this episode of Diagnosing Health Care®, Epstein Becker Green attorneys Laura DePonio, Elizabeth McEvoy, and Elena Quattrone walk health care and life sciences organizations through the DOJ's BSD Transfer Rule—from scoping and compliance to enforcement risks and exemptions.

Navigate BSD Transfer Rule Compliance with Confidence:

Our team has developed specific tools and advisory services to help organizations like yours understand their obligations under the BSD Transfer Rule, assess risk, and implement compliant data practices. Check out our free resource center: https://explore.ebglaw.com/resources/doj-bulk-sensitive-data-transfer-rule/

Visit our site for related resources and email contact information: https://www.ebglaw.com/dhc93.

Listen to the series and subscribe for email notifications: http://diagnosinghealthcare.com.

-

Epstein Becker Green is a national law firm that focuses its resources on health care, life sciences, and workforce management solutions, coupled with powerful litigation strategies. This video is for informational purposes only and does not constitute legal advice. Viewing this video does not create an attorney-client relationship.

DIAGNOSING HEALTH CARE® is a registered trademark of Epstein Becker & Green, P.C.

© Epstein Becker & Green, P.C. All Rights Reserved. Attorney Advertising.

Value-based enterprises depend on timely, accurate data, yet the rules that govern how that data moves between the Centers for Medicare & Medicaid Services (CMS), accountable care organizations, payors, and providers remain complex and often inconsistent.

On this episode, Epstein Becker Green attorneys Kevin Malone and Karen Mandelbaum unpack the regulatory frameworks shaping data exchange in value-based care. They outline how federal privacy laws, CMS rules, the Health Insurance Portability and Accountability Act (HIPAA), and state requirements intersect; why CMS-sourced data operates under a different regime than Medicare Advantage; and where organizations face the biggest operational hurdles when using, sharing, and governing data across large networks.

Key Takeaways:

• Distinct Legal Frameworks: CMS data is controlled by the Privacy Act, while Medicare Advantage data falls under HIPAA.
• Disclosure Tracking Requirements: CMS data use agreements demand strict tracking and downstream compliance.
• Operational Data Challenges: Silos and uneven data quality remain major barriers to effective value-based care.

Tune in to learn how today's rules shape data access, data quality, and the real-world mechanics of value-based care.

Visit our site for related resources and email contact information: https://www.ebglaw.com/dhc92

Subscribe for email notifications: https://www.ebglaw.com/subscribe.

Visit: http://diagnosinghealthcare.com.

-

This podcast is presented by Epstein Becker & Green, P.C. All rights are reserved. This audio recording includes information about legal issues and legal developments. Such materials are for informational purposes only and may not reflect the most current legal developments. These informational materials are not intended, and should not be taken, as legal advice on any particular set of facts or circumstances, and these materials are not a substitute for the advice of competent counsel. The content reflects the personal views and opinions of the participants. No attorney-client relationship has been created by this audio recording. This audio recording may be considered attorney advertising in some jurisdictions under the applicable law and ethical rules. The determination of the need for legal services and the choice of a lawyer are extremely important decisions and should not be based solely upon advertisements or self-proclaimed expertise. No representation is made that the quality of the legal services to be performed is greater than the quality of legal services performed by other lawyers.

By early 2026, substance use disorder (SUD) providers, health plans, clinicians, health information exchanges (HIEs), and vendors must meet new federal privacy standards for SUD treatment records or face Health Insurance Portability and Accountability Act (HIPAA)-level enforcement and penalties.

On this episode, Epstein Becker Green attorneys Lisa Pierce Reisz, David Shillcutt, and Laura DePonio join Nichole Sweeney, General Counsel and Chief Privacy Officer at CRISP, to break down the 42 CFR Part 2 final rule: what's changing, what's staying the same, and what organizations often miss. The group explains how the final rule aligns with (but does not replace) HIPAA, why patient consent remains central, and what new operational risks are emerging.

Key Takeaways:

• Adoption of HIPAA Penalties: Part 2 now adopts HIPAA's enforcement and penalty structure.
• Operational Readiness Challenges: Operational readiness, not technology, is the biggest challenge.
• Expanded Compliance Duties: Payors and HIEs face major shifts in data access and compliance duties.

Visit our site for related resources and email contact information: https://www.ebglaw.com/dhc91.

Subscribe for email notifications: https://www.ebglaw.com/subscribe.

Visit: http://diagnosinghealthcare.com.

-

Epstein Becker Green is a national law firm that focuses its resources on health care, life sciences, and workforce management solutions, coupled with powerful litigation strategies.

This video is for informational purposes only and does not constitute legal advice. Viewing this video does not create an attorney-client relationship.

DIAGNOSING HEALTH CARE® is a registered trademark of Epstein Becker & Green, P.C.

© Epstein Becker & Green, P.C. All Rights Reserved. Attorney Advertising.