Starting April 3, Ohio hospitals will have to navigate new requirements under House Bill 173. This law mandates greater transparency in healthcare pricing. It also includes rules for selling or targeted advertising related to...more
3/24/2025
/ Advertising ,
Data Privacy ,
Health Care Providers ,
Healthcare ,
New Guidance ,
OCR ,
Personal Information ,
Privacy Laws ,
Regulatory Requirements ,
State Privacy Laws ,
Transparency
DTC Telehealth Platforms -
Arrangements involving telemedicine and direct-to-consumer (“DTC”) business services are expected to be a source of major regulatory scrutiny. In 2024, such arrangements were the focus of proposed...more
1/31/2025
/ Acquisitions ,
Anti-Kickback Statute ,
Artificial Intelligence ,
Cannabis Products ,
Clinical Trials ,
DEA ,
Department of Health and Human Services (HHS) ,
Department of Justice (DOJ) ,
Drug Pricing ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Food and Drug Administration (FDA) ,
Fraud ,
Hart-Scott-Rodino Act ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Laboratory Developed Tests ,
Life Sciences ,
Marijuana ,
Marketing ,
Medical Devices ,
Medical Marijuana ,
Mergers ,
Non-Compete Agreements ,
Pharmaceutical Industry ,
Prescription Drugs ,
Privacy Laws ,
Regulatory Agenda ,
Regulatory Requirements ,
Section 340B ,
Technology Sector ,
Telehealth ,
Telemedicine
The New York Department of Financial Services (“NYDFS”) recently published guidance on managing cyber risks related to AI for the financial services and insurance industry. Though the circular letter does not introduce any...more
The SEC recently issued an order and settlement against a company from a pair of cyberattacks in which millions of dollars of client funds were stolen. While the company was able to recover a portion of the funds and...more
In a recent blog post, the FTC again cautioned entities that hashing data does not make that data anonymous. Hashing is a process that takes a particular input, such as a phone number or email address, and uses a mathematical...more
The FTC recently announced that it had finalized the changes to the Health Breach Notification Rule (HBNR). This is roughly one year later from when the proposed changes were first released and three years later from the...more
ARTIFICIAL INTELLIGENCE -
What is the Privacy Impact of the White House AI Order for Businesses? Posted November 28, 2023
Biden’s sweeping AI Executive Order sought to have artificial intelligence used in accordance...more
2/7/2024
/ Artificial Intelligence ,
Biometric Information ,
Biometric Information Privacy Act ,
Consumer Privacy Rights ,
Cross-Border Transactions ,
Cybersecurity ,
Data Breach ,
Data Brokers ,
Data Privacy ,
Data Protection ,
Data Security ,
Healthcare ,
Legislative Agendas ,
New Legislation ,
New Regulations ,
Online Safety for Children ,
Privacy Acts ,
Privacy Laws ,
State and Local Government ,
State Privacy Laws
As we reflect on 2023 and make predictions for 2024, it is remarkable the number of significant events occurring this past year that will be impactful for the activities of the life sciences industry going forward. Although...more
1/26/2024
/ Acquisitions ,
Amgen v Sanofi ,
Antitrust Division ,
Artificial Intelligence ,
Biden Administration ,
Biosimilars ,
Chevron Deference ,
Clawbacks ,
Clinical Trials ,
Compensation ,
Compliance ,
Corporate Integrity Agreement ,
Criminal Prosecution ,
Data Preservation ,
Department of Health and Human Services (HHS) ,
Department of Justice (DOJ) ,
Drug Pricing ,
Enforcement ,
EU ,
Executive Orders ,
False Claims Act (FCA) ,
Federal Trade Commission (FTC) ,
Food and Drug Administration (FDA) ,
Generic Drugs ,
Investigations ,
Life Sciences ,
Mergers ,
Mobile Devices ,
OPDP ,
Pharmaceutical Industry ,
Pilot Programs ,
Privacy Laws ,
Proposed Rules ,
Risk Management ,
Section 340B ,
Self-Disclosure Requirements ,
Voluntary Disclosure
While the US does not have some specific AI-focused law a host of regulators have been providing their thoughts about AI. Noticeable traction on the topic began in 2020. With the explosion of ChatGPT in 2023, commentary (and...more
This year has been active on the state “comprehensive” privacy law front. Seven states passed new laws in 2023 (Delaware, Iowa, Indiana, Tennessee, Montana, Florida, and Oregon). These states joined California, Connecticut,...more
12/27/2023
/ Consumer Privacy Rights ,
Data Privacy ,
Data Protection ,
Data Protection Acts ,
Legislative Agendas ,
New Legislation ,
Personal Data ,
Privacy Acts ,
Privacy Laws ,
Privacy Policy ,
Regulatory Requirements ,
State and Local Government ,
State Legislatures ,
State Privacy Laws
Governor Newson recently signed two amendments to the CCPA strengthening protections for certain data types. The changes go into effect January 1, 2024....more
Among the various requirements under US state comprehensive privacy laws, those that relate to loyalty programs may be some of the most confusing. Only three states — California, Colorado and Florida — regulate these...more
The CPPA, the California regulatory body charged with enforcing CCPA, has now issued draft regulations on risk assessments and cybersecurity audits. The draft was released ahead of a public board meeting to discuss those...more
After some delay, Delaware’s governor has at last signed into law the thirteenth state comprehensive privacy law. This is the seventh law passed in 2023, joining Iowa, Indiana, Tennessee, Montana, Florida, and Oregon. The law...more
Texas recently enacted an amendment to its data breach notification law. As of September 1, 2023, there are two changes to the requirements when notifying the Texas Attorney General. In Texas, breaches of 250 residents or...more
Financial services companies beware: the new state privacy laws exemption are not uniform. To recap, there are privacy laws in 12 states: California, Colorado, Connecticut, Florida, Indiana, Iowa, Montana, Oregon, Tennessee,...more
As more and more states are enacting privacy laws, organizations in the health care industry may be wondering what the impact these laws will have on them. At this point, there are privacy laws in 12 states, with one more...more
The FTC and OCR at HHS are continuing to scrutinize the use of tracking technologies that may reveal information about a person’s health or health status. Both agencies recently sent a letter to a reported 130 hospitals and...more
7/25/2023
/ Data Collection ,
Data Privacy ,
Department of Health and Human Services (HHS) ,
Digital Health ,
Electronic Medical Records ,
Federal Trade Commission (FTC) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
OCR ,
Popular ,
Privacy Laws ,
Section 5 ,
Telehealth ,
Tracking Systems
A California court recently issued a ruling delaying the CPPA’s ability to enforce the most recent CCPA regulations until March 29, 2024. This does not delay enforcement of the CCPA statute or existing regulations....more
The FTC recently proposed amendments to the Health Breach Notification Rule (HBNR). This is on trend with its aggressive interest over the last couple of years in health data not covered by HIPAA....more
6/27/2023
/ Breach Notification Rule ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Digital Health ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Medical Records ,
Personally Identifiable Information ,
Privacy Laws ,
Proposed Amendments
Companies may want to review their consumer rights processes as we approach July 1. This is the date of enforcement for those parts of CCPA modified by CPRA. It is also the effective date of two more state privacy laws:...more
Florida has become the latest state to enact a comprehensive privacy law this year when SB 262 was signed by Governor DeSantis last week. It combines some new, and some familiar, provisions. It has also passed a child privacy...more
6/13/2023
/ Consumer Privacy Rights ,
Data Privacy ,
Florida ,
Governor DeSantis ,
Online Safety for Children ,
Opt-In ,
Opt-Outs ,
Personal Data ,
Privacy Laws ,
Right-To-Access ,
Social Media ,
State Privacy Laws
On April 27, 2023, the state of Washington enacted a landmark privacy law aimed at protecting the privacy of health data not covered by HIPAA. This law, named the “My Health My Data Act,” covers a very wide range of entities,...more
Indiana has now become the seventh US state to enact a comprehensive privacy law after Senate Bill 5 (“SB5”) was signed by the governor on May 1, 2023. The new law will go into effect January 1, 2026, and is almost identical...more
In this second post in our ongoing series, we examine the scope of rights given to consumers under the recently enacted My Health My Data Act... The law provides consumers several rights, all of which are in other privacy...more
5/4/2023
/ Consumer Privacy Rights ,
Data Protection ,
Digital Health ,
Enforcement ,
Non-Discrimination Rules ,
Privacy Laws ,
Right to Delete ,
Right-To-Access ,
State and Local Government ,
State Privacy Laws ,
Washington