If enacted, the New York Health Information Privacy Act (“NYHIPA”) will be the latest in a series of state privacy laws that regulate health data outside of the traditional health care context. It would follow the passage of...
Recent enforcement actions, audit activity, proposed rulemakings, and guidance issued by the U.S. Department of Health and Human Services (“HHS”), Office for Civil Rights (“OCR”) highlight the agency’s focus on health data...
1/17/2025 / Artificial Intelligence, Audits, Compliance, Cyber Attacks, Cybersecurity, Data Privacy, Data Security, Enforcement Actions, Health Insurance Portability and Accountability Act (HIPAA), OCR, Ransomware, Risk Management
Texas Attorney General (“AG”) Ken Paxton announced a first-for-Texas settlement against a generative AI company using patient data and providing products to healthcare facilities....
The ability of OCR to enforce expansive portions of its controversial web tracking guidance has been severely limited. A federal district court ruled that the guidance exceeded the agency’s authority, and in particular...
The HIPAA Privacy Rule has been modified by the US Department of Health and Human Services (HHS) to increase privacy protections for reproductive health care information. These changes, which will take effect in early 2026,...
The Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) updated its guidance concerning compliance obligations for HIPAA covered entities and business associates using online tracking...
The U.S. Department of Health and Human Services (HHS) has finalized amendments to more closely align the Part 2 substance use disorder (SUD) regulations with HIPAA. These changes have the potential to streamline compliance...
The Federal Trade Commission (“FTC”) has banned Rite Aid from using facial recognition technologies for surveillance for five years, demonstrating the FTC’s expectations regarding deployments of biometric and artificial...
President Biden’s groundbreaking Executive Order on artificial intelligence carries significant implications for the health and life science industry. The Order tasks federal agencies, including those responsible for health...
Health companies cannot use online tracking technologies like other consumer organizations. This refrain, repeated frequently by regulators, litigants and the media in recent months, may now have found its clearest voice in...
Covered Entities and Business Associates must comply with HIPAA in their use of online tracking technologies, including cookies, pixels or similar code. The U.S. Department of Health and Human Services (HHS), Office for Civil...
12/8/2022 / Business Associates, Compliance, Covered Entities, Department of Health and Human Services (HHS), Electronic Medical Records, Electronic Protected Health Information (ePHI), Health Care Providers, Health Insurance Portability and Accountability Act (HIPAA), New Guidance, OCR, PHI, Tracking Systems
The U.S. Department of Health and Human Services (HHS) has proposed to significantly revise rules governing patient records in substance use disorder (SUD) programs, commonly known as the Part 2 rules, with important...
12/6/2022 / CARES Act, Comment Period, Confidential Information, Department of Health and Human Services (HHS), Health Care Providers, Health Insurance Portability and Accountability Act (HIPAA), HITECH Act, Information Sharing, Medical Records, NPRM, Patient Privacy Rights, SAMHSA, Substance Abuse
Recent U.S. Department of Health and Human Services (HHS) regulatory actions emphasize the role emerging technologies play in the provision of healthcare, particularly as clinical innovations proliferate in response to the...
In the wake of the Supreme Court’s seismic decision in Dobbs v. Jackson Women’s Health Organization, the U.S. Department of Health and Human Services (HHS) has issued guidance to help patients, providers, and other health...
The US Department of Health and Human Services (HHS) is seeking public comments about the appropriate role of “recognized security practices” in enforcement of the HIPAA Security Rule. Congress, through an amendment to the HITECH...
The Federal Trade Commission (FTC) recently has signaled its intent to inject new life into a longstanding but rarely triggered rule governing health breach notifications for non-HIPAA-covered health records. Specifically,...
2/28/2022 / Breach Notification Rule, Cybersecurity, Data Breach, Data Privacy, Data Protection, Data Security, Digital Health, Federal Trade Commission (FTC), Health Care Providers, Health Insurance Portability and Accountability Act (HIPAA), Popular
The National Institutes of Health has issued a request for information (RFI) on its Genomic Data Sharing (GDS) Policy to help ensure it keeps pace with the evolving genomic research landscape. The RFI will help inform...
A new Policy Statement from the US Federal Trade Commission places companies that offer consumer-facing health apps and connected health and wellness devices on notice that they may be covered by a Health Breach Notification...
10/6/2021 / American Recovery and Reinvestment Act, Application Programming Interface (APIs), Breach Notification Rule, Cybersecurity, Data Breach, Data Privacy, Department of Health and Human Services (HHS), Federal Trade Commission (FTC), Health Care Providers, Health Insurance Portability and Accountability Act (HIPAA), Mobile Health Apps, Policy Statement, Popular
As we have previously highlighted, the California Privacy Rights Act (CPRA) creates a new category of personal information, called “sensitive personal information.” While the CPRA’s predecessor, the California Consumer...
After a long hiatus, major league sports is making a successful return to the US. Intercollegiate sports too have returned in a limited fashion. There have been relatively few hiccups and the COVID-19 protocols implemented...
The Federal Trade Commission (“FTC”) released an updated guidance document for complying with the Children’s Online Privacy Protection Act (“COPPA”). The revised guidance, released on June 21, 2017, explicitly identifies...
8/8/2017 / COPPA, Data Collection, Data Protection, Federal Trade Commission (FTC), Guidance Update, Mobile Apps, Online Safety for Children, Parental Consent, Personally Identifiable Information, Smart Devices, Website Owner Liability, Websites
New York AG Settles Data Protection Enforcement Against Mobile Health Apps -
After a year-long investigation into mobile health apps claiming to be able to measure vital signs or health indicators through smartphone...
4/28/2017 / App Developers, Cybersecurity Framework, Data Privacy, Data Protection, Enforcement Actions, Financial Institutions, Food and Drug Administration (FDA), Health Insurance Portability and Accountability Act (HIPAA), Insurance Industry, Marketing, Medical Devices, Misleading Statements, Mobile Health Apps, NYDFS, PHI, Popular, Regulatory Standards, Settlement, Smartphones