
Ryan S. Higgins focuses his practice on representing hospitals, health systems, private equity firms and platform companies, and other health care organizations in corporate and transactional matters, including mergers, acquisitions, joint ventures and management arrangements. He also devotes a significant portion of his practice to representing health care organizations in matters involving health information privacy and security and Health Insurance Portability and Accountability Act (HIPAA) compliance. Ryan serves on the Chicago office's Pro Bono Committee and is heavily involved in pro bono matters.

We are pleased to present The Law of Digital Health, a new book edited and authored by McDermott’s team of distinguished digital health lawyers and published by AHLA. It is designed to provide business leaders and their key advisors with the knowledge and insight they need to grow and sustain successful digital health initiatives.


In its tenth OCR Cyber Awareness Newsletter of the year (Newsletter), the Office for Civil Rights (OCR) reminded HIPAA-covered entities and business associates of the importance of selecting an appropriate authentication method to protect electronic protected health information (ePHI). Authentication is the process used to “verify whether someone or something is who or what it purports to be and keeps unauthorized people or programs from gaining access to information.” The Newsletter notes that the health care sector has been a significant target of cybercrime and that some incidents result from weak authentication methods.

Authentication methods can consist of one or more factors and are often described as: (1) something you know, such as a password; (2) something you are, such as a fingerprint; or (3) something you have, such as a mobile device or smart card. Single-factor authentication requires use of only one of the methods. Multifactor authentication requires use of two or more methods (for example, a password prompt followed by an additional prompt to a mobile device).

The US Department of Health and Human Services (HHS) Office for Civil Rights (OCR) recently posted guidance (OCR guidance) clarifying that a business associate such as an information technology vendor generally may not block or terminate access by a covered entity customer to protected health information (PHI) maintained by the vendor on behalf of the

The U.S. Department of Health and Human Services, Office for Civil Rights (OCR) recently transmitted HIPAA pre-audit screening surveys to covered entities that may be selected for a second phase of HIPAA compliance audits (Phase 2 Audits). OCR is required to conduct compliance audits of covered entities and business associates under the 2009 Health Information