‘Tis the season for holiday baking and the elves at the U.S. Department of Health and Human Services (HHS), through its Office for Civil Rights (OCR), have been diligently crafting their own holiday treat. On December 27,...more
1/2/2025
/ Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HIPAA Breach ,
HIPAA Security Rule ,
HIPAA Violations ,
Life Sciences ,
NPRM ,
OCR ,
PHI ,
Regulatory Agenda ,
Rulemaking Process
As of November 1, 2024, financial services companies regulated by the New York Department of Financial Services Cybersecurity Regulation face new requirements relating to cybersecurity governance, encryption, and incident...more
On Thursday, June 20, 2024, a U.S. District Court Judge ruled that the U.S. Department of Health and Human Services, Office for Civil Rights (“HHS”) overstepped its authority to act when issuing its December 2022 bulletin...more
Friendly reminder – the Washington My Health My Data Act (“WMHMDA”) compliance deadline for regulated entities to post their consumer health data privacy policy is March 31, 2024 (June 30, 2024 for small businesses). A...more
2/29/2024
/ Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Electronic Protected Health Information (ePHI) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Patient Privacy Rights ,
Personal Data ,
Personally Identifiable Information ,
Policies and Procedures ,
Posting Requirements ,
Washington
On February 12, 2024, the U.S. Department of Health and Human Services (“HHS”) published a notice in the Federal Register regarding reinstatement of the Health Information Portability and Accountability Act of 1996 (“HIPAA”)...more
2/16/2024
/ Covered Entities ,
Data Protection ,
Department of Health and Human Services (HHS) ,
Federal Register ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HIPAA Audits ,
HIPAA Breach ,
HITECH Act ,
OCR ,
Patient Privacy Rights ,
PHI
The upcoming year will continue to hold challenges for data privacy programs. The Quarles Privacy Week 2024 programming from this week has provided an overview of the upcoming issues and challenges that are on the horizon....more
2/6/2024
/ Algorithms ,
Artificial Intelligence ,
Data Privacy ,
Data Processing Rules ,
Data Protection ,
Data Transfers ,
Due Diligence ,
Federal Trade Commission (FTC) ,
FTC Act ,
Internet ,
Online Platforms ,
Privacy Policy ,
Unfair or Deceptive Trade Practices ,
Websites
Summer 2023 gave us a blast of new and distinctive consumer health data privacy legislation. The Washington legislature could not wait to start showing off and splashing around in the summer sun by passing the country’s...more
As industry stakeholders know, cyberattacks and breaches have been on the rise in the health care industry. IBM Security’s 2023 annual report notes that the average health care data breach has reached $10.93M and that health...more
This is Part Twelve, the final installment of our series of legal updates on the Washington My Health My Data Act (“WMHMDA”). We are thrilled that you came along as we dove into the intricacies of WMHMDA that are creating...more
8/30/2023
/ Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Electronic Protected Health Information (ePHI) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Patient Privacy Rights ,
Personal Data ,
PHI ,
Washington
This is Part Eleven in a series of legal updates on the Washington My Health My Data (“WMHMDA”), where Quarles continues its deep dive into the various factors and intricacies of WMHMDA that are creating waves in the privacy...more
8/23/2023
/ Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Electronic Protected Health Information (ePHI) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Patient Privacy Rights ,
Personal Data ,
PHI ,
Washington
This is Part Eight in a series of legal updates on the Washington My Health My Data Act (“WMHMDA”) where Quarles continues its deep dive into the various factors and intricacies of WMHMDA that are creating waves in the...more
7/24/2023
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Data Subjects Rights ,
Healthcare ,
Personal Information ,
Popular ,
Privacy Laws ,
Washington
This is Part Seven in a series of legal updates on the Washington My Health My Data (“WMHMDA”), where Quarles continues its deep dive into the various factors and intricacies of WMHMDA that are creating waves in the privacy...more
7/18/2023
/ Biometric Information ,
Biometric Information Privacy Act ,
Data Collection ,
Data Privacy ,
Data Protection ,
Electronic Protected Health Information (ePHI) ,
Health Information Technologies ,
Life Sciences ,
Personal Data ,
PHI ,
Washington
This is Part Six in a series of legal updates on the Washington My Health My Data Act (“WMHMDA”) in which Quarles continues its deep dive into the various factors and intricacies of WMHMDA that are creating waves in the...more
Oh say, can you see, Part 5 in our Washington My Health My Data Act series? This is the fifth installment in our series on the Washington My Health My Data Act (“WMHMDA”)....more
This is Part Four in a series of legal updates on the Washington My Health My Data Act (“WMHMDA”) where Quarles continues its deep dive into the various factors and intricacies of WMHMDA that are creating tidal waves in the...more
This is Part Three in a series of legal updates on the Washington My Health My Data Act (“WMHMDA”) where Quarles continues its deep dive into the various factors and intricacies of WMHMDA that are creating tidal waves in the...more
6/14/2023
/ Biometric Information ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Health Technology ,
Healthcare ,
Medical History ,
Mental Health ,
Personal Data ,
Personally Identifiable Information ,
Popular
After several months of privacy developments to start 2023, this trend has not only continued, but has continued at an accelerated pace into June. As state legislatures adjourn for summer recess, it is a good time to take...more
While it is not officially summer, it is after Memorial Day, a.k.a. the perfect time to pick out your beach reads. We recommend bumping Quarles’ series on the Washington My Health My Data Act (“WMHMDA”) to the top of your...more
Effects to consumer health data collection and processing will be felt in Washington and beyond with new consumer rights and consent requirements as well as a private right of action....more
After the year led with the effective dates for the California Consumer Privacy Act and the Virginia Consumer Data Protection Act, the first quarter of 2023 has continued to bring a number of data privacy updates and...more
As we settle in to 2023 and return to our “circle back in the new year” projects, it is a good time to catch up on data privacy and security updates from the end of 2022 and set priorities for 2023. To help you start the year...more
The long-awaited January 1, 2023 effective date of the California Privacy Rights Act (CPRA) has arrived and cannot be ignored or dismissed any longer. Many health care entities are aware of the Health Insurance Portability...more
Spring and summer have been busy seasons in the data privacy and security space. Here are some recent health updates to keep you up to speed...more
March was a busy month for data privacy and security, especially as it relates to health care entities. To help keep you up to date with the changes, we’ve included a few highlights for you below...
...more
4/6/2022
/ Cybersecurity Framework ,
Data Protection ,
Electronic Protected Health Information (ePHI) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HIPAA Privacy Rule ,
Life Sciences ,
Patient Privacy Rights ,
Proposed Legislation ,
Regulatory Reform ,
State Data Breach Notification Statutes
On October 6, 2021, California Governor Gavin Newsom signed into law the Genetic Information Privacy Act (GIPA). This follows Governor Newsom’s veto of an earlier version of the bill almost exactly one year ago. ...more