If enacted, the New York Health Information Privacy Act (“NYHIPA”) will be the latest in a series of state privacy laws that regulate health data outside of the traditional health care context. It would follow the passage of...more
On February 6, 2025, the Trump Administration released published a Request for Information (RFI) on behalf of the White House Office of Science and Technology Policy (OSTP) concerning the development of an Artificial...more
The U.S. Department of Justice (DOJ) has finalized its rule on “Preventing Access to U.S. Sensitive Personal Data and Government-Related Data by Countries of Concern or Covered Persons,” which restricts data brokerage...more
The HIPAA Privacy Rule has been modified by the US Department of Health and Human Services (HHS) to increase privacy protections for reproductive health care information. These changes, which will take effect in early 2026,...more
Adding to the growing trend of policymakers interested in regulating health and wellness data, last week U.S. Senator Bill Cassidy requested stakeholder feedback to help identify solutions to modernize HIPAA and ensure all...more
9/12/2023
/ Biometric Information ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Department of Health and Human Services (HHS) ,
Health Information Technologies ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Patient Privacy Rights ,
Personally Identifiable Information ,
Privacy Laws ,
Regulatory Agenda
This week the U.S. Department of Health and Human Services, the agency responsible for HIPAA enforcement, announced the formation of three new divisions within the Office for Civil Rights (“OCR”). The new divisions –...more
At our recent Health Care AI Law and Policy Summit, Hogan Lovells partner Melissa Bianchi moderated a panel discussion on the state of the health care AI industry. Joined by representatives from the American Medical...more
The Federal Trade Commission (FTC) recently has signaled its intent to inject new life into a longstanding but rarely triggered rule governing health breach notifications for non-HIPAA-covered health records. Specifically,...more
2/28/2022
/ Breach Notification Rule ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Digital Health ,
Federal Trade Commission (FTC) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Popular
A new Policy Statement from the US Federal Trade Commission places companies that offer consumer-facing health apps and connected health and wellness devices on notice that they may be covered by a Health Breach Notification...more
10/6/2021
/ American Recovery and Reinvestment Act ,
Application Programming Interface (APIs) ,
Breach Notification Rule ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Department of Health and Human Services (HHS) ,
Federal Trade Commission (FTC) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Mobile Health Apps ,
Policy Statement ,
Popular
Consent is newly defined by the California Privacy Rights Act (CPRA). While this new definition of consent—which highlights specific, informed, and freely-given actions—closely aligns with the European Union’s General Data...more
4/23/2021
/ California Privacy Rights Act (CPRA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Management ,
Data Privacy ,
Data Protection ,
General Data Protection Regulation (GDPR) ,
Information Governance ,
Personal Data ,
Popular ,
Prior Express Consent
On June 1, The California Attorney General (CA AG) submitted the final text of the CCPA regulations to the California Office of Administrative Law (OAL) for approval. ...more
6/2/2020
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Information Governance ,
Personal Data ,
Personally Identifiable Information ,
Rulemaking Process ,
State and Local Government ,
State Attorneys General
On March 11, The California Attorney General (CA AG) released a second set of modifications to the proposed regulations implementing the California Consumer Privacy Act (CCPA)....more
3/13/2020
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Digital Service Providers ,
Information Governance ,
Opt-Outs ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
Regulatory Agenda ,
Regulatory Requirements ,
Right to Delete ,
Rulemaking Process ,
State and Local Government ,
State Attorneys General
Washington State is already shaping up as a center of state privacy legislation for 2020.
Last year, SB 5376 (also known as the Washington Privacy Act, or WPA) gained significant traction in the legislature, passing the...more
1/14/2020
/ Biometric Information ,
California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Data Collection ,
Data Privacy ,
Data Protection ,
Facial Recognition Technology ,
General Data Protection Regulation (GDPR) ,
Legislative Agendas ,
Opt-Outs ,
Personal Data ,
Personally Identifiable Information ,
Portability ,
Proposed Legislation ,
Right to Delete ,
State and Local Government
On October 17, 2019, the Hogan Lovells Privacy and Cybersecurity team discussed key elements of the California Attorney General’s proposed regulations implementing certain provisions of the California Consumer Privacy Act...more
11/5/2019
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Deletion ,
Data Management ,
Data Privacy ,
Data Protection ,
Information Governance ,
Opt-In ,
Opt-Outs ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
Proposed Regulation ,
Regulatory Agenda ,
Right to Delete ,
Rulemaking Process ,
State and Local Government
On October 10, California Attorney General Xavier Becerra (CA AG) released proposed regulations to implement certain provisions of the California Consumer Privacy Act (CCPA). The CA AG also released a Notice of Proposed...more
10/14/2019
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
COPPA ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Information Sharing ,
Non-Discrimination Rules ,
NPRM ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
Proposed Regulation ,
Regulatory Agenda ,
Rulemaking Process ,
State and Local Government ,
State Attorneys General
This is the sixth installment in Hogan Lovells’ series on the California Consumer Privacy Act.
The California Consumer Privacy Act of 2018 (CCPA) adds another set of privacy requirements for health and life sciences...more
10/8/2018
/ California Consumer Privacy Act (CCPA) ,
Clinical Trials ,
CMIA ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Exemptions ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Life Sciences ,
Nonprofits ,
Personally Identifiable Information ,
Privacy Laws