LAW-3290: Health Care Privacy and AI Governance

This course examines the legal, ethical, and governance frameworks that protect health information in modern health systems, with particular attention to the privacy and security requirements established under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and its subsequent expansion through the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH). As the foundational federal regime governing the protection of protected health information (PHI), HIPAA’s Privacy Rule, Security Rule, and Breach Notification requirements provide the core structure through which healthcare entities manage confidentiality, integrity, and access to sensitive patient information. The course will explore these rules in depth while also examining related international, federal, and state privacy laws, enforcement trends, and regulatory oversight mechanisms that shape contemporary health information governance.

Recognizing the rapidly evolving technological environment in which healthcare data now operates, the course also introduces artificial intelligence and emerging digital technologies as critical factors in healthcare compliance privacy governance. AI-enabled systems increasingly influence claims processing, predictive analytics, medical devices, clinical decision support, and large-scale data aggregation. These technologies create new challenges for patient privacy protections, cybersecurity preparedness, record retention policies, and institutional risk management for the compliance privacy professional. The objectives of the course are to enable students to (1) identify situations that implicate HIPAA and related health care privacy regulations and effectively navigate the guidance and enforcement resources of the U.S. Department of Health and Human Services; (ii) determine which provisions of the HIPAA Privacy and Security Rules apply to particular factual scenarios and apply those provisions within a compliance-oriented decision-making framework; (iii) understand the significance of robust privacy and security safeguards in an era of increasing cyber threats, digital health infrastructure, and electronic crime; and (iv) develop foundational literacy in AI governance and emerging technology oversight as it relates to patient privacy, compliance risk management, and regulatory accountability.

The course is designed to support students interested in careers in healthcare compliance and privacy by introducing key subject areas aligned with the knowledge domains tested on the Certified in Healthcare Compliance (CHC) and Certified in Healthcare Privacy Compliance (CHPC) examinations administered by the Health Care Compliance Association. Through exposure to these domains, the course aims to help students build foundational knowledge relevant to professional certification pathways; however, successful completion of the course does not guarantee examination passage, as certification ultimately depends on individual preparation and performance.