• Live Webinar with Live Q&A
  • June 2, 2026 @ 1:00 PM ET/10:00 AM PT
  • Intermediate
  • Health
  • 90 minutes

New OCR Civil Enforcement Authority for Part 2 Compliance: Key Stakeholder Requirements, Investigations, Penalties

About the Course

Introduction

This CLE webinar will examine OCR's new civil enforcement program for 42 C.F.R. Part 2 (Part 2) noncompliance that will enforce key requirements of the 2024 Final Rule for SUD records confidentiality. The panel will address what covered stakeholders may expect in a civil investigation. The panel will also discuss the latest OCR guidance and compliance tools, including the updated model HIPAA NPP and model Part 2 patient notice, and offer best practices for compliance.

Description

OCR recently launched its new Part 2 civil enforcement program in conjunction with the compliance date for the 2024 Final Rule revising Part 2 regulations related to SUD records confidentiality. OCR's new program implements the civil enforcement provisions established by the CARES Act and incorporated in the February 2024 Final Rule that aims to align federal privacy standards for SUD records more closely with HIPAA standards. 

This is the first time OCR will exercise civil enforcement authority over covered stakeholders in a manner comparable to HIPAA enforcement. OCR may now impose civil monetary penalties and multi-year corrective action plans; investigations may follow complaints and breach reports; and SUD confidentiality is now operationally tied to HIPAA compliance infrastructure.

In addition to announcing the new civil enforcement program, OCR has provided updated guidance and compliance tools including: (1) an updated model HIPAA NPP for HIPAA covered entities; (2) a model Part 2 patient notice; (3) an online portal to file a Part 2 complaint for noncompliance; and (4) guidance for Part 2 programs regarding reporting breaches of unsecured Part 2 records.

Listen as our expert panel examines best practices for Part 2 compliance, the latest OCR guidance and compliance tools, and what the new civil enforcement program may mean for stakeholder clients.

Presented By

Debra A. Geroux
Shareholder
Butzel Long

Ms. Geroux is renowned among clients and colleagues for the depth of her experience in health care compliance and cybersecurity and privacy matters, and statutory reporting obligations. She assists health care practitioners in the defense of state and federal debarment, fraud, waste and abuse investigations and litigation, licensing and credentialing, government and commercial payor audits and a host of other health care law issues. For three decades, individual practitioners and group practices, hospitals, community mental health authorities, home health agencies, pharmacies and pharmaceutical manufacturers, ambulatory surgery centers, physical therapy centers, and Durable Medical Equipment, Prosthetic Devices, Prosthetics, Orthotics, and Supplies (DMEPOS) suppliers have sought the counsel and representation of Ms. Geroux.

Beth Neal Pitman
Partner
Holland & Knight LLP

Ms. Pitman advises healthcare systems and providers and healthcare information technology (IT) businesses when navigating healthcare privacy and cybersecurity regulations, other healthcare regulations, and government reimbursement program matters. Her experience includes the development and ongoing management of comprehensive HIPAA compliance programs, including drafting and negotiating business associate agreements, policies and training. When a data breach or other privacy regulatory violation occurs, Ms. Pitman guides her clients through the process for responding to the breach and any subsequent federal or state government investigations. She also provides advice to clients related to the frequent changes associated with the many federal healthcare payment programs.

Credit Information
  • This 90-minute webinar is eligible in most states for 1.5 CLE credits.



Date + Time

  • Tuesday, June 2, 2026
  • 1:00 PM ET/10:00 AM PT

I. Introduction

II. Key stakeholder requirements in the 2024 revised Part 2 regulations

A. Updating NPPs

B. Revising patient consent/authorization forms

C. Updating business associate agreements and qualified service organization agreements

D. Implementing incident response and breach notification processes

E. Others

III. New OCR Part 2 civil enforcement program

A. OCR enforcement focus

B. What may be expected in an OCR civil investigation

C. Civil monetary penalties and other remedies

IV. OCR updated guidance and compliance tools

A. Updated model HIPAA NPP

B. Model Part 2 patient notice

C. Online portal to file Part 2 complaints

D. Guidance for reporting breaches of unsecured Part 2 records

V. Best practices for compliance

VI. Key takeaways


The panel will review these and other important considerations:

  • What key requirements in the 2024 Final Rule revising Part 2 regulations are covered entities now required to comply with?
  • What is noteworthy about OCR's new Part 2 civil enforcement authority?
  • What may covered stakeholders expect in a Part 2 civil investigation? With what potential penalties?
  • What updated guidance and compliance tools have been provided by OCR for covered entities?