On April 3, 2025, the New York State Department of Financial Services (“DFS”) issued reminders about upcoming implementation and reporting deadlines related to its cybersecurity regulations. Upcoming deadlines require...
4/10/2025 / Banks, Cybersecurity, Data Security, Filing Deadlines, Financial Institutions, Financial Services Industry, New York, NYDFS, Regulatory Requirements, Reporting Requirements, Risk Assessment, Risk Management
Last week, on March 24, Virginia Governor Glenn Youngkin signed SB 754, which amends the Virginia Consumer Protection Act (Act) to regulate obtaining and disclosing “reproductive or sexual health information” by any...
4/3/2025 / Consent, Consumer Privacy Rights, Data Collection, Enforcement Actions, Healthcare, New Legislation, Patient Privacy Rights, Pregnancy, Regulatory Requirements, Reproductive Healthcare Issues, State Privacy Laws, Virginia
As of March 2025, 24 states have adopted the National Association of Insurance Commissioners (NAIC) Model Bulletin on the Use of Artificial Intelligence (AI) Systems by insurers with little to no material changes. As we...
4/3/2025 / Algorithms, Artificial Intelligence, Automated Decision Systems (ADS), Consumer Insurance Products, Information Governance, Insurance Regulations, Machine Learning, NAIC, Regulatory Requirements, Risk Management, State Privacy Laws
Members of the health care and financial industries, along with other industries that hold sensitive data, are warned that a ChatGPT vulnerability is being actively exploited by threat actors to attack security flaws in AI...
3/24/2025 / Artificial Intelligence, Banks, Cyber Attacks, Cybersecurity, Data Breach, Data Privacy, Data Security, Financial Institutions, Health Care Providers, Healthcare, Healthcare Facilities, Machine Learning, NIST, Risk Management, Vulnerability Assessments
On February 20, 2025, the U.S. Department of Health and Human Services (“HHS”) took action pursuant to President Trump’s Executive Order 14187 (“EO 14187”), which is aimed at ending gender affirming care for minors. EO 14187...
2/21/2025 / Data Privacy, Department of Health and Human Services (HHS), Electronic Protected Health Information (ePHI), Executive Orders, Gender Expression, Gender Identity, Health Insurance Portability and Accountability Act (HIPAA), Healthcare, LGBTQ, Patient Access, Patient Privacy Rights, PHI, Reproductive Healthcare Issues, Transgender, Trump Administration
It took some time, but we officially have the first complaint filed alleging violations of the Washington My Health, My Data Act (“MHMDA”). The complaint, filed February 10 in the U.S. District Court Western District of...
2/14/2025 / Amazon Marketplace, Biometric Information, Class Action, Consumer Privacy Rights, Data Collection, Data Privacy, Healthcare, PHI, Prior Express Consent, State Privacy Laws, Statutory Violations, Targeted Digital Advertising, Washington, Wiretapping
Shortly after publication of last week’s Client Alert on recent developments in artificial intelligence (AI) executive orders, the Trump Administration issued a new Executive Order with some additional clarification on the...
On President Trump’s first day in office, he rescinded 78 Biden-era Executive Orders via an Executive Order Initial Rescissions of Harmful Executive Orders and Actions (EO 14145). On the list of rescinded Executive Orders is...
‘Tis the season for holiday baking and the elves at the U.S. Department of Health and Human Services (HHS), through its Office for Civil Rights (OCR), have been diligently crafting their own holiday treat. On December 27,...
1/2/2025 / Cybersecurity, Data Breach, Data Protection, Data Security, Department of Health and Human Services (HHS), Electronic Protected Health Information (ePHI), Health Care Providers, Health Insurance Portability and Accountability Act (HIPAA), Healthcare, HIPAA Breach, HIPAA Security Rule, HIPAA Violations, Life Sciences, NPRM, OCR, PHI, Regulatory Agenda, Rulemaking Process
December 23, 2024, was the compliance deadline for HIPAA covered entities and business associates to apply the protections of the HIPAA Privacy Rule to support Reproductive Health Care Privacy Final Rule—that is all covered...
On September 18, 2024, the Attorney General (AG) of Texas announced a settlement with an artificial intelligence-focused healthcare technology company to resolve allegations of false and misleading statements about the...
10/16/2024 / Artificial Intelligence, Electronic Protected Health Information (ePHI), Enforcement Actions, False Statements, Health Care Providers, Health Technology, Life Sciences, Misleading Statements, Settlement, State Attorneys General, Texas
As we settle into spooky season, let’s take a minute to consider a recent development in health care privacy as we ask ourselves, is this a trick or a treat?...
10/11/2024 / Data Management, Data Privacy, Department of Health and Human Services (HHS), Health Care Providers, Health Insurance Portability and Accountability Act (HIPAA), HIPAA Privacy Rule, Patient Privacy Rights, PHI, Reproductive Healthcare Issues, State Attorneys General, Statutory Authority, Texas
As of November 1, 2024, financial services companies regulated by the New York Department of Financial Services Cybersecurity Regulation face new requirements relating to cybersecurity governance, encryption, and incident...
On August 29, 2024, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) withdrew its appeal of the U.S. District Court for the Northern District of Texas’s (Court) June 20, 2024 decision in...
Providers and payers contracting with Arizona’s Medicaid agency, the Arizona Health Care Cost Containment System (“AHCCCS”), and all such AHCCCS contractors’ subcontracts must reference and require compliance with the AHCCCS...
On Thursday, June 20, 2024, a U.S. District Court Judge ruled that the U.S. Department of Health and Human Services, Office for Civil Rights (“HHS”) overstepped its authority to act when issuing its December 2022 bulletin...
State regulators are taking action on the use of artificial intelligence in insurance. To date, nearly a dozen states have adopted some form of the National Association of Insurance Commissioners (NAIC) Model Bulletin on the...
Friendly reminder – the Washington My Health My Data Act (“WMHMDA”) compliance deadline for regulated entities to post their consumer health data privacy policy is March 31, 2024 (June 30, 2024 for small businesses). A...
2/29/2024 / Consumer Privacy Rights, Cybersecurity, Data Collection, Data Privacy, Data Protection, Data Security, Electronic Protected Health Information (ePHI), Health Insurance Portability and Accountability Act (HIPAA), Healthcare, Patient Privacy Rights, Personal Data, Personally Identifiable Information, Policies and Procedures, Posting Requirements, Washington
The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) and Substance Abuse and Mental Health Services Administration (SAMHSA) released its anticipated Final Rule last week. The Final Rule revises...
2/26/2024 / CARES Act, Confidential Information, Consent, Data Management, Department of Health and Human Services (HHS), Electronic Medical Records, Electronic Protected Health Information (ePHI), Final Rules, Health Care Providers, Health Insurance Portability and Accountability Act (HIPAA), Mental Health, New Regulations, OCR, Patient Privacy Rights, PHI, SAMHSA, Substance Abuse
On February 12, 2024, the U.S. Department of Health and Human Services (“HHS”) published a notice in the Federal Register regarding reinstatement of the Health Information Portability and Accountability Act of 1996 (“HIPAA”)...
2/16/2024 / Covered Entities, Data Protection, Department of Health and Human Services (HHS), Federal Register, Health Insurance Portability and Accountability Act (HIPAA), Healthcare, HIPAA Audits, HIPAA Breach, HITECH Act, OCR, Patient Privacy Rights, PHI
The upcoming year will continue to hold challenges for data privacy programs. The Quarles Privacy Week 2024 programming from this week has provided an overview of the upcoming issues and challenges that are on the horizon....
2/6/2024 / Algorithms, Artificial Intelligence, Data Privacy, Data Processing Rules, Data Protection, Data Transfers, Due Diligence, Federal Trade Commission (FTC), FTC Act, Internet, Online Platforms, Privacy Policy, Unfair or Deceptive Trade Practices, Websites
Everyone seems to be talking about AI these days. There is no shortage of news stories about new advances in AI technology, the latest missteps of people using “bad” information generated from AI technology, and conjecture...
Why is everyone talking about provider disclosures to law enforcement of late? The Senate Finance Committee authored a letter to Xavier Becerra, Secretary of the U.S. Department of Health and Human Services (HHS), outlining...
1/12/2024 / Data-Sharing, Department of Health and Human Services (HHS), Disclosure Requirements, Dobbs v. Jackson Women’s Health Organization, Final Rules, Health Care Providers, Health Insurance Portability and Accountability Act (HIPAA), Healthcare, Information Requests, Law Enforcement, Life Sciences, Patient Privacy Rights, PHI, Roe v Wade
On December 13, the U.S. Department of Health and Human Services (HHS) through the Office of the National Coordinator for Health Information Technology (ONC) finalized its Health Data, Technology, and Interoperability:...
This newsletter provides updates employers should be aware of heading into 2024, including an outline of the updated 2024 retirement and welfare plan limits, instructions related to the “gag order” attestation requirements...
11/16/2023 / 401k, 403(b) Plans, Benefit Plan Sponsors, Centers for Medicare & Medicaid Services (CMS), Data Privacy, Department of Labor (DOL), Employee Benefits, Employee Retirement Income Security Act (ERISA), Employees, Fiduciary, Fiduciary Rule, Gag Clauses, Health and Welfare Plans, Health Insurance Portability and Accountability Act (HIPAA), Health Plan Sponsors, Investment Adviser, Popular, Retirement Plan, Securities and Exchange Commission (SEC)