February 16 Deadline For HIPAA Privacy Notice Update Rapidly Approaching

February 12, 2026

February 16, 2026, is the deadline for health care providers, group health plans and health insurers to update and redistribute their Health Insurance Portability and Accountability (“HIPAA”) Notice of Privacy Practices (“Privacy Notice”) to comply with recent federal rule changes strengthening protections certain Part 2 substance use disorder (“SUD”) records (the “SUD Rules”). Timely update of Privacy Notices and compliance with these related requirements is particularly critical for the following organizations, who regularly receive and handle SUD records:

  • Behavioral health providers;
  • Integrated delivery systems;
  • Health plans receiving SUD claims data; and
  • Third party administrators, utilization management, and other health plan service providers involved in the administration of behavioral health or substance abuse benefits.

HIPAA Privacy Notice Generally

The HIPAA regulations require most health care providers, group health plans and health care clearinghouses (“Covered Entities”) to provide a Privacy Notice that meets the content and distribution requirements of the HIPAA rules. See 45 C.F.R. § 164.520. Health plans generally must deliver the Privacy Notice to their members at enrollment.  Health care providers generally must present the Privacy Notice to patients at least once a year, try to obtain acknowledgement of receipt, display it at their service locations and “prominently post” it on their websites.

Noncompliance with these and other HIPAA requirements can trigger a wide range of adverse consequences, including:

  • Complicate the administration and defense of HIPAA compliance;
  • Fuel HIPAA complaints from PHI subjects or others;
  • Trigger OCR enforcement and the potential civil monetary penalties and corrective action plans;
  • Expose noncompliant health plan fiduciaries to fiduciary investigation and liability under the Employee Retirement Income Security Act;
  • Expose health care providers to licensure, ethical or other professional investigations and sanctions;
  • Expose health care providers and insurers to licensing or other state regulatory enforcement actions;
  • Violate stop-loss, liability or other contracts;
  • Expose health plans, their fiduciaries and other covered entities to added expense to respond to and defend complaints and investigations; and
  • Create reputational risk.

Privacy Notice Updates Due February 16, 2026

The Privacy Notice updates currently due by February 16, 2026, arise from the 2024 Final Rule aligning 42 CFR Part 2 with HIPAA jointly published by the Substance Abuse and Mental Health Services Administration (“SAMHSA”) and OCR to align the substance abuse privacy rules in 42 CFR Part 2 more closely with HIPAA.

While most of the SUD rules operational provisions already are in effect, Covered Entities that maintain SUD records subject to Part to have until February 16, 2026, to update and timely distribute their Privacy Notices to:

  • Explain how Part 2 records may be used and disclosed.
  • Describe patients’ rights to obtain an accounting of disclosures, request restrictions, file complaints and describe potential penalties for misuse.

Along with updating their Privacy Notices content, health plans and other Covered Entities also need to update their Privacy Notice postings and distributions.  Health plans generally are encouraged to follow best practices by treating the revisions as material revisions impacting their health plans and err in favor of broad distribution. Health plans generally should distribute the updated notice to plan participants within 60 days of a material revision or include notice of its availability in its next annual mailing and post an updated copy on the plan’s website. In contrast, health care providers must meet slightly broader distribution requirements, that generally require a health care provider:

  • Ensure the updated notice is provided to new patients at check-in and request a signed acknowledgement of receipt from the patient at least once a year;
  • Post the revised Privacy Notice in a clear and prominent locations in treatment areas as required by the Privacy Rule;
  • Make copies available upon request; and
  • Post electronically on websites

Beyond these specific actions in response to the 2024 Final Rule aligning 42 CFR Part 2, self-insured ERISA plans, their employer or other plan sponsors, fiduciaries, and service providers should take the following steps:

  • Update the plan’s HIPAA Notice;
  • Review and update as necessary HIPAA policies and practices, plan documents and other documentation to ensure compliance with new rule and updated HIPAA Privacy Notie ;
  • Communicate and coordinate with business associates and other service providers and vendors to verify their process and practices are updated to comply with the new requirements;
  • Conduct any necessary training and education for workforce members and business associates;
  • Document compliance efforts; and
  • Take steps to monitor compliance on an ongoing basis.

Review To Confirm Continuing Adequacy Of Other Existing Privacy Notice Content Also Advisable

Along with implementing the changes necessary to ensure their Privacy Notices comply with the SUD Rules of 42 CFR Part 2 alignment, group health plans and other Covered Entities also should review and update their Privacy Notices to confirm other content continues to meet OCR’s Privacy Notice requirements.

Since OCR has not substantively revised the content requirements for Privacy Notices or its model Notice of Privacy Practices for many years, many group health plans and other covered entities take for granted that the existing content of their Privacy Notices remains compliant.  While OCR’s rules have not changed, group health plans and other Covered Entities often have experienced changes in staffing, addresses or other operational details that may make updates to their Privacy Notices required or advisable.  Failing to update Privacy Notices to reflect these changes can both violate HIPAA and fuel a wide range of potentially costly miscommunications and disagreements.  Consequently, group health plan sponsors, fiduciaries and service providers, as well as other Covered Entities also are encouraged to review their existing Privacy Notices for any updates required in response to these and other changes.

HIPAA Privacy Rule to Support Reproductive Health Care Privacy No Longer Required

Covered Entities currently do not have to change their Privacy Notices to add disclosures about new requirements for the disclosure of protected health information (“PHI”) relating to reproductive rights that OCR sought to require under its HIPAA Privacy Rule to Support Reproductive Health Care Privacy (“Reproductive Rights Rule”), as the U.S. District Court for the Northern District of Texas vacated those requirements in Purl v. United States Department of Health and Human Services, No. 2:24-CV-228-Z, (N.D. Tex. June 18, 2025).

Had the District Court not struck down the Reproductive Rights Rule last June, Covered Entities also would have been required by February 16, 2026, to revise their Privacy Notices to discuss OCR HIPAA rules restricting disclosures of protected health information (“PHI”) related to lawful reproductive health care.  

OCR adopted the Reproductive Rights Rule as part of a broader series of actions by the Biden Administration intended to mitigate the effect of the Supreme Court’s ruling in Dobbs v. Jackson Women’s Health Organization, 597 U.S. 215 (2022). Dobbs restored state power to regulate abortion by reversing the Supreme Court’s decades-old decision in Roe v. Wade, which had recognized a woman’s right to abortion as part of a fundamental right to reproductive privacy.

In furtherance of these broader efforts to limit state efforts to regulate abortion and other reproductive rights, the Reproductive Rights Rule prohibited Covered Entities from using or disclosing PHI:

  • For criminal, civil, or administrative investigations into lawful reproductive health care
  • To identify a person for such investigations
  • For proceedings related to lawful reproductive health care

It also required Covered Entities and their business associates to:

  • Obtain a signed attestation before disclosing reproductive health information for certain law enforcement or oversight requests
  • Revise their Privacy Notice to describe these new protections

The federal district court’s ruling makes these updates unnecessary at this time.

If you have questions about these health plan exposures or other health care, workforce employee benefits or other regulatory compliance or investigations concerns, contact the author. 

For More Information

We hope this update is helpful. For more information about the or other health or other employee benefits, human resources, or health care developments, please contact the author Cynthia Marcotte Stamer via e-mail or via telephone at (214) 452 -8297.

Solutions Law Press, Inc. invites you receive future updates by following this publication using the link provided, registering on our Solutions Law Press, Inc. Website and participating and contributing to the discussions in our Solutions Law Press, Inc. LinkedIn SLP Health Care Risk Management & Operations GroupHR & Benefits Update Compliance Group, and/or Coalition for Responsible Health Care Policy.

About the Author

Cynthia Marcotte Stamer is a Martindale-Hubble AV-Preeminent (highest/top 1%) practicing attorney recognized as a “Top Woman Lawyer,” “Top Rated Lawyer,” and “LEGAL LEADER™” in Health Care Law and Labor and Employment Law; among the “Best Lawyers In Dallas” in “Labor & Employment,” “Tax: ERISA & Employee Benefits,” “Health Care” and “Business and Commercial Law recognized for her experience, scholarship, thought leadership and advocacy on health and other employee benefits, insurance, healthcare, workforce, HIPAA and other data and technology and other compliance in connection with her work with health care and life sciences, employee benefits, insurance, education, technology and other highly regulated and performance-dependent clients.

Board certified in labor and employment law by the Texas Board of Legal Specialization and a Fellow in the American College of Employee Benefits Counsel, Ms. Stamer has more than 35 years of experience advising and representing health care providers, managed care and insurance organizations, employers, employee benefit plans and their fiduciaries and administrators, their administrative services, technology and other business associates and other clients about these and other workforce, employee benefits, internal controls and other operations and compliance concerns. 

Ms. Stamer is nationally sought out for her decades of leading-edge experience in the design, sponsorship, administration, and defense of health and other employee benefit, workforce, insurance, healthcare, data and technology, and other operations to promote legal and operational compliance, reduce regulatory and other liability, and advance other operational goals. This experience includes decades of work on HIPAA and other medical and other data and technology privacy, security and other management, including years of service as the Scribe leading the American Bar Association Joint Committee on Employee Benefits Annual Agency Meeting with the Department of Health and Human Services Office of Civil Rights, extensive advice to health plans and insurers, their sponsors, fiduciaries and service providers; managed care organizations, health care organizations, health care clearinghouses and other health data and technology providers; and others about HIPAA and other Federal, state and international privacy and data security; and extensive speaking and publications on these and related concerns.

Along with her decades of legal and strategic consulting experience, Ms. Stamer also contributes her leadership and experience to many professional, civic and community organizations. She currently serves as Co-Chair of the ABA Real Property Trusts and Estates (“RPTE”) Section Welfare Plan Committee, Co-Chair of the ABA International Section International Employment Law Committee and its Annual Meeting Program Planning Committee, Chair Emeritus and Vice Chair of the ABA Tort Trial and Insurance (“TIPS”) Section Medicine and Law Committee, and Chair of the ABA Intellectual Property Section Law Practice Management Committee. She also has served as Scribe for the Joint Committee on Employee Benefits (“JCEB”) annual agency meetings with the Department of Health and Human Services and JCEB Council Representative, International Section Life Sciences Committee Chair, RPTE Section Employee Benefits Group Chair and a Substantive Groups Committee Member, Health Law Section Managed Care & Insurance Interest Group Chair, as TIPS Section Medicine and Law Committee Chair and Employee Benefits Committee and Workers Compensation Committee Vice Chair, Tax Section Fringe Benefit Committee Chair, and in various other ABA leadership capacities. Ms. Stamer also is a former Southwest Benefits Association Board Member and Continuing Education Chair, SHRM National Consultant Board Chair and Region IV Chair, Dallas Bar Association Employee Benefits Committee Chair, former Texas Association of Business State, Regional and Dallas Chapter Chair, a founding board member and Past President of the Alliance for Healthcare Excellence, as well as in the leadership of many other professional, civic and community organizations. She also is valued and celebrated for her decades of policy advocacy and charitable, pro bono, community and other service and leadership to promote understanding and strengthening health care, workforce, saving, disability, aging and retirement and other key policies and challenges through her PROJECT COPE Coalition For Patient Empowerment initiative and many other pro bono service involvements locally, nationally and internationally.

Ms. Stamer is the author of many highly regarded works published by leading professional and business publishers, the ABA, the American Health Lawyers Association, and others. Ms. Stamer also often speaks and serves on the faculty and steering committee for many ABA and other professional and industry conferences and conducts leadership and industry training for a wide range of organizations.

For more information about Ms. Stamer or her health industry, health and other benefits, workforce and other experience and involvements, see the Cynthia Marcotte Stamer P.C. website or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.

About Solutions Law Press™

Solutions Law Press™ provides health care, insurance, human resources and employee benefit, data and technology, regulatory and operational performance, and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education. These include extensive resources on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press™ resources or training.

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.

NOTICE: These statements and materials are for general information and purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation considering the specific facts and circumstances presented in their unique circumstances at the particular time. No comment or statement in this publication is to be construed as legal advice or admission. Solutions Law Press and its authors reserve the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law constantly and often evolves, subsequent developments that could change the currency and completeness of this discussion are likely. Solutions Law Press and its authors disclaim and have no responsibility to provide any update or otherwise notify anyone of any fact or law-specific nuance, change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication.

Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein.

©2026 Cynthia Marcotte Stamer. Non-exclusive right to republish granted to Solutions Law Press. ™ For information about licensing for republication, please contact the author directly. All other rights reserved

Leave a Comment » | Health Care | Tagged: , , , , , , , , , , , , , , , , , | Permalink
Posted by Cynthia Marcotte Stamer

Feds Charges 8 For Alleged $50M In Bogus Student Substance Abuse Counseling Claims

September 3, 2015

Federal prosecutors secured indictments against 8 more former employees of Long Beach, California based Atlantic Health Services, formerly known as Atlantic Recovery Services (ARS) for health care fraud and aggravated identity theft for their alleged participation in a scheme that prosecutors claim resulted in the submission of more than $50 million in fraudulent bills to a California state program for alcohol and drug treatment services for high school and middle school students that in many instances, were not provided or were provided to students who did not have substance abuse problems. Download Drug Counseling Scam Indictment. 

The latest in the ongoing series of charges brought by federal officials resulting from investigations into charges made by ARS, the indictments accuse ARS and its employees of engaging in a long-running fraud scheme to steal tens of millions of dollars from a program with limited resources that was designed to help underprivileged youth in recovery.  In the process, prosecutors claim the defendants and ARS branded many innocent young people as substance abusers and addicts in order to boost enrollment numbers and billings.

Prosecutors claim ARS received more than $46 million from California’s Drug Medi-Cal program after ARS submitted false and fraudulent claims for group and individual substance abuse counseling services.  All 8 defendants are former employees of ARS, which received contracts to provide substance abuse treatment services through the Drug Medi-Cal program to students in schools in Los Angeles County.  The schools included various sites operated by Soledad Enrichment Action and public schools in Montebello, California, Bell Gardens, Californina, Lakewood, and the Antelope Valley.

According to the indictment unsealed this morning, the claims submitted by ARS to the Drug Medi-Cal program were false and fraudulent for a number of reasons, including:

  • ARS billed for services provided to students who did not have substance abuse disorders or addictions and therefore did not qualify to receive Drug Medi-Cal services;
  • ARS billed for counseling sessions that were not conducted at all;
  • ARS billed for counseling services that were not conducted in accordance with Drug Medi-Cal regulations regarding length, number of students, content and setting;
  • ARS personnel falsified documents, including treatment plans, group counseling sign-in sheets, progress notes and update logs (which listed the dates and times of counseling sessions); and
  • ARS personnel forged student signatures on documents.
  • The defendants named in the indictment are:
  • Lori Renee Miller, 54, of Lakewood, California, the program manager at ARS who supervised substance abuse recovery managers and counselors;
  • Nguyet Galaz, 41, of Montclair, California, who oversaw services provided at approximately 11 schools in Los Angeles County;
  • Angela Frances Micklo, 56, of Palmdale, California, who managed counselors at approximately nine schools in Los Angeles County, including several in the Antelope Valley;
  • Maribel Navarro, 48, of Pico Rivera, California, who managed counselors at approximately ten schools in Los Angeles County;
  • Carrenda Jeffery, 64, of the Mid-City District of Los Angeles, who managed counselors at approximately three schools;
  • LaLonnie Egans, 57, of Bellflower, California, who managed counselors at three schools;
  • Tina Lynn St. Julian, 51, of Compton, California, who worked as a counselor at two schools; and
  • Shyrie Womack, 33, Egans’ daughter, also of Bellflower, who worked as a counselor at three schools.The indictments announced today raise the total former ARS employees charged as a result of an investigation by the Office of Inspector General of the Department of Health and Human Services; the California Department of Justice, Bureau of Medi-Cal Fraud and Elder Abuse; and IRS – Criminal Investigation of ARS to 20. Previously, 11 other defendants pleaded guilty to health care fraud charges stemming from the ARS scheme.  Those defendants are former ARS managers Cathy Fernandez, 53, of Downey, California; Erin Hoover, 37, of Long Beach, California; Elizabeth Black, 51, of Long Beach; Helsa Casillas, 44, of El Sereno, California; and Sandra Lopez, 41, of Huntington Park, California; and former ARS counselors Tamara Diaz, 45 of East Los Angeles, California; Margarita Lopez, 40, of Paramount, California; Irma Talavera, 27, of Paramount; Laura Vasquez, 52, of Pico Rivera; Cindy Leticia Ortiz, 29, of Norwalk, California; and Arthur Dominguez, 63, of Glendale, California.  Another defendant, Dr. Leland Whitson, 75, of Redondo Beach, California, the former Medical/Clinical Director of ARS, previously pleaded guilty to making a false statement affecting a health care program.   The dozen defendants who already pleaded guilty are pending sentencing by U.S. District Judge Philip S. Gutierrez.
  • Each of the eight defendants named in the August 26 indictment unsealed today potentially faces decades in federal prison if convicted.  For example, if convicted, Miller faces a statutory maximum sentence of 324 years in federal prison.  Federal officials arrested six of the defendants today.  The Justice Department says it expects Galaz and Micklo self-surrender in the coming weeks.

With health care fraud enforcement a key component of the federal government’s efforts to bring down health care costs and the continuing success of federal and state health care fraud investigation and enforcement efforts like those already achieved by the Justice Department against the 12 defendants that already pleaded guilty, health care providers providing substance abuse or other treatments reimbursed by federal or state programs should must ensure that their care and billings are appropriately delivered and documented to withstand almost inevitable government scrutiny of their operations and activities.

For More Information Or Assistance

If you need assistance reviewing or responding to these or other health care related risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, may be able to help. Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section, Board Certified in Labor & Employment Law, and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 26 years experience advising health industry clients about these and other matters. Her experience includes advising hospitals, nursing home, home health, rehabilitation and other health care providers and health industry clients to establish and administer compliance and risk management policies; prevent, conduct and investigate, and respond to peer review and other quality concerns; and to respond to Board of Medicine, Department of Aging & Disability, Drug Enforcement Agency, OCR Privacy and Civil Rights, Department of Labor, IRS, HHS, DOD and other health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns.  The scribe for the American Bar Association (ABA) Joint Committee on Employee Benefits annual agency meeting with the Department of Health & Human Services Office of Civil Rights,  Ms. Stamer has worked extensively with health care providers, health plans, health care clearinghouses, their business associates, employers, banks and other financial institutions, and others on risk management and compliance with HIPAA and other information privacy and data security rules, investigating and responding to known or suspected breaches, defending investigations or other actions by plaintiffs, OCR and other federal or state agencies, reporting known or suspected violations, business associate and other contracting, commenting or obtaining other clarification of guidance, training and enforcement, and a host of other related concerns.  Her clients include public and private health care providers, health insurers, health plans, technology and other vendors, and others.  In addition to representing and advising these organizations, she also has conducted training on Privacy & The Pandemic for the Association of State & Territorial Health Plans,  as well as  HIPAA, FACTA, PCI, medical confidentiality, insurance confidentiality and other privacy and data security compliance and risk management for  Los Angeles County Health Department, ISSA, HIMMS, the ABA, SHRM, schools, medical societies, government and private health care and health plan organizations, their business associates, trade associations and others.

A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications.  You can get more information about her health industry experience here. If you need assistance responding to concerns about the matters discussed in this publication or other health care concerns, wish to obtain information about arranging for training or presentations by Ms. Stamer, wish to suggest a topic for a future program or update, or wish to request other information or materials, please contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.

If you or someone else you know would like to receive future updates about developments on these and other concerns from Ms. Stamer, see here.

About Solutions Law Press

Solutions Law Press™ provides business risk management, legal compliance, management effectiveness and other resources, training and education on human resources, employee benefits, compensation, data security and privacy, health care, insurance, and other key compliance, risk management, internal controls and other key operational concerns.

Other Helpful Resources & Other Information

We hope that this information is useful to you.   If you found these updates of interest, you also be interested in one or more of the following other recent articles published on the Coalition for Responsible Health Care Reform electronic publication available here, our electronic Solutions Law Press Health Care Update publication available here, or our HR & Benefits Update electronic publication available hereYou also can get access to information about how you can arrange for training on “Building Your Family’s Health Care Toolkit,”  using the “PlayForLife” resources to organize low-cost wellness programs in your workplace, school, church or other communities, and other process improvement, compliance and other training and other resources for health care providers, employers, health plans, community leaders and others here. If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail by creating or updating your profile here. You can reach other recent updates and other informative publications and resources.

Examples of some of these recent health care related publications include:

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information concerning this communication click here.THE FOLLOWING DISCLAIMER IS INCLUDED TO COMPLY WITH AND IN RESPONSE TO U.S. TREASURY DEPARTMENT CIRCULAR 230 REGULATIONS.  ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN.

©2015 Cynthia Marcotte Stamer, P.C. Non-exclusive license to republish granted to Solutions Law Press.  All other rights reserved.

Leave a Comment » | drug treatment, Health Care, Health Care Fraud, health care reimbursement, substance abuse treatment | Tagged: , , , , , , , , , , , | Permalink
Posted by Cynthia Marcotte Stamer