On April 3, 2025, the New York State Department of Financial Services (“DFS”) issued reminders about upcoming implementation and reporting deadlines related to its cybersecurity regulations. Upcoming deadlines require...more
4/10/2025
/ Banks ,
Cybersecurity ,
Data Security ,
Filing Deadlines ,
Financial Institutions ,
Financial Services Industry ,
New York ,
NYDFS ,
Regulatory Requirements ,
Reporting Requirements ,
Risk Assessment ,
Risk Management
Members of the health care and financial industries, along with other industries that hold sensitive data, are warned that a ChatGPT vulnerability is being actively exploited by threat actors to attack security flaws in AI...more
3/24/2025
/ Artificial Intelligence ,
Banks ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Security ,
Financial Institutions ,
Health Care Providers ,
Healthcare ,
Healthcare Facilities ,
Machine Learning ,
NIST ,
Risk Management ,
Vulnerability Assessments
On February 20, 2025, the U.S. Department of Health and Human Services (“HHS”) took action pursuant to President Trump’s Executive Order 14187 (“EO 14187”), which is aimed at ending gender affirming care for minors. EO 14187...more
2/21/2025
/ Data Privacy ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Executive Orders ,
Gender Expression ,
Gender Identity ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
LGBTQ ,
Patient Access ,
Patient Privacy Rights ,
PHI ,
Reproductive Healthcare Issues ,
Transgender ,
Trump Administration
On December 2, 2024, the U.S. Department of Health and Human Services Office for Civil Rights (HHS OCR) announced a settlement with Holy Redeemer Family Medicine, a Pennsylvania covered entity, regarding an alleged violation...more
12/5/2024
/ Data Breach ,
Department of Health and Human Services (HHS) ,
Enforcement Actions ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HIPAA Privacy Rule ,
OCR ,
Patient Privacy Rights ,
PHI ,
Settlement
As of November 1, 2024, financial services companies regulated by the New York Department of Financial Services Cybersecurity Regulation face new requirements relating to cybersecurity governance, encryption, and incident...more
On August 29, 2024, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) withdrew its appeal of the U.S. District Court for the Northern District of Texas’s (Court) June 20, 2024 decision in...more
The Federal Trade Commission (“FTC”) recently published its Final Rule amending the Health Breach Notification Rule (“HBNR”). The updated HBNR, which regulates entities that handle certain personal health information, other...more
On Thursday, June 20, 2024, a U.S. District Court Judge ruled that the U.S. Department of Health and Human Services, Office for Civil Rights (“HHS”) overstepped its authority to act when issuing its December 2022 bulletin...more
On February 12, 2024, the U.S. Department of Health and Human Services (“HHS”) published a notice in the Federal Register regarding reinstatement of the Health Information Portability and Accountability Act of 1996 (“HIPAA”)...more
2/16/2024
/ Covered Entities ,
Data Protection ,
Department of Health and Human Services (HHS) ,
Federal Register ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HIPAA Audits ,
HIPAA Breach ,
HITECH Act ,
OCR ,
Patient Privacy Rights ,
PHI
Why is everyone talking about provider disclosures to law enforcement of late? The Senate Finance Committee authored a letter to Xavier Becerra, Secretary of the U.S. Department of Health and Human Services (HHS), outlining...more
1/12/2024
/ Data-Sharing ,
Department of Health and Human Services (HHS) ,
Disclosure Requirements ,
Dobbs v. Jackson Women’s Health Organization ,
Final Rules ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Information Requests ,
Law Enforcement ,
Life Sciences ,
Patient Privacy Rights ,
PHI ,
Roe v Wade
As industry stakeholders know, cyberattacks and breaches have been on the rise in the health care industry. IBM Security’s 2023 annual report notes that the average health care data breach has reached $10.93M and that health...more
As of September 1, 2023, the U.S. Department of Health and Human Services (“HHS”) Office of Inspector General (“OIG”) can officially begin enforcement against Certified Health Information Technology (“HIT”) developers, health...more
9/11/2023
/ 21st Century Cures Act ,
Anti-Kickback Statute ,
Centers for Medicare & Medicaid Services (CMS) ,
Civil Monetary Penalty ,
Department of Health and Human Services (HHS) ,
Final Rules ,
Health Care Providers ,
Health Information Technologies ,
Healthcare ,
Information Blocking Rules ,
OIG
This is Part Nine in a series of legal updates on the Washington My Health My Data (“WMHMDA”) where Quarles continues its deep dive into the various factors and intricacies of WMHMDA that are creating waves in the privacy...more
7/26/2023
/ California Privacy Rights Act (CPRA) ,
Consumer Privacy Rights ,
Data Breach ,
Data Collection ,
Data Privacy ,
Enforcement Guidance ,
Healthcare ,
Life Sciences ,
Personal Data ,
Private Right of Action ,
Washington
This is Part Seven in a series of legal updates on the Washington My Health My Data (“WMHMDA”), where Quarles continues its deep dive into the various factors and intricacies of WMHMDA that are creating waves in the privacy...more
7/18/2023
/ Biometric Information ,
Biometric Information Privacy Act ,
Data Collection ,
Data Privacy ,
Data Protection ,
Electronic Protected Health Information (ePHI) ,
Health Information Technologies ,
Life Sciences ,
Personal Data ,
PHI ,
Washington
After several months of privacy developments to start 2023, this trend has not only continued, but has continued at an accelerated pace into June. As state legislatures adjourn for summer recess, it is a good time to take...more
On April 12, 2023, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) issued a Notice of Proposed Rulemaking (NPRM), aimed at strengthening the Health Insurance Portability and...more
On March 16, 2023, the Food and Drug Administration (FDA) released final guidance regarding definitions of "suspect product" and "illegitimate product" as part of a continued effort to prepare trading partners for the...more
3/22/2023
/ Counterfeit Drugs ,
Drug Distribution ,
DSCSA ,
Federal Food Drug and Cosmetic Act (FFDCA) ,
Final Guidance ,
Food & Drug Regulations ,
Food and Drug Administration (FDA) ,
Healthcare ,
Life Sciences ,
Pharmaceutical Industry ,
Prescription Drugs ,
Stolen Goods
The Biden Administration announced that the federal COVID-19 Public Health Emergency (PHE) will expire at the end of the day on May 11, 2023. As we draw closer to the expiration date of the PHE, do you feel fine about your...more
3/20/2023
/ Biden Administration ,
Business Associates Agreement (BAA) ,
Data Privacy ,
Data Security ,
Department of Health and Human Services (HHS) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
OCR ,
Public Health Emergency ,
Telehealth ,
Telemedicine
The long-awaited January 1, 2023 effective date of the California Privacy Rights Act (CPRA) has arrived and cannot be ignored or dismissed any longer. Many health care entities are aware of the Health Insurance Portability...more
Spring and summer have been busy seasons in the data privacy and security space. Here are some recent health updates to keep you up to speed...more