HIPAA is Not Enough!

As healthcare data ecosystems expand, privacy professionals must navigate a complex regulatory terrain that increasingly extends beyond HIPAA. State laws such as Washington’s My Health My Data Act and New York’s Health Information Privacy Act broaden the definition of protected health data and impose consent, transparency, and data minimization obligations on entities outside HIPAA’s scope. California’s CCPA and Delete Act further complicate compliance with robust consumer rights and deletion mandates. Business associate agreements now routinely incorporate multi-jurisdictional standards, including GDPR principles and breach protocols. This session will explore how legal teams can advise healthcare clients on building resilient privacy programs that integrate federal, state, and international requirements, ensure vendor accountability, and operationalize governance frameworks. Attendees will gain practical insights into anticipating regulatory shifts, mitigating risk, and preserving patient trust in a digitally integrated care environment —critical for privacy professionals shaping policy and compliance in a post-HIPAA era.

What you will learn:

• Key regulations healthcare companies should consider beyond HIPAA. 
• Steps healthcare organizations should take in 2026 for privacy compliance. 
• Overview of frameworks for healthcare privacy.