Members of the health care and financial industries, along with other industries that hold sensitive data, are warned that a ChatGPT vulnerability is being actively exploited by threat actors to attack security flaws in AI...more
3/24/2025
/ Artificial Intelligence ,
Banks ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Security ,
Financial Institutions ,
Health Care Providers ,
Healthcare ,
Healthcare Facilities ,
Machine Learning ,
NIST ,
Risk Management ,
Vulnerability Assessments
As we settle into spooky season, let’s take a minute to consider a recent development in health care privacy as we ask ourselves, is this a trick or a treat?...more
10/11/2024
/ Data Management ,
Data Privacy ,
Department of Health and Human Services (HHS) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Privacy Rule ,
Patient Privacy Rights ,
PHI ,
Reproductive Healthcare Issues ,
State Attorneys General ,
Statutory Authority ,
Texas
Friendly reminder – the Washington My Health My Data Act (“WMHMDA”) compliance deadline for regulated entities to post their consumer health data privacy policy is March 31, 2024 (June 30, 2024 for small businesses). A...more
2/29/2024
/ Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Electronic Protected Health Information (ePHI) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Patient Privacy Rights ,
Personal Data ,
Personally Identifiable Information ,
Policies and Procedures ,
Posting Requirements ,
Washington
The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) and Substance Abuse and Mental Health Services Administration (SAMHSA) released its anticipated Final Rule last week. The Final Rule revises...more
2/26/2024
/ CARES Act ,
Confidential Information ,
Consent ,
Data Management ,
Department of Health and Human Services (HHS) ,
Electronic Medical Records ,
Electronic Protected Health Information (ePHI) ,
Final Rules ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Mental Health ,
New Regulations ,
OCR ,
Patient Privacy Rights ,
PHI ,
SAMHSA ,
Substance Abuse
On February 12, 2024, the U.S. Department of Health and Human Services (“HHS”) published a notice in the Federal Register regarding reinstatement of the Health Information Portability and Accountability Act of 1996 (“HIPAA”)...more
2/16/2024
/ Covered Entities ,
Data Protection ,
Department of Health and Human Services (HHS) ,
Federal Register ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HIPAA Audits ,
HIPAA Breach ,
HITECH Act ,
OCR ,
Patient Privacy Rights ,
PHI
The upcoming year will continue to hold challenges for data privacy programs. The Quarles Privacy Week 2024 programming from this week has provided an overview of the upcoming issues and challenges that are on the horizon....more
2/6/2024
/ Algorithms ,
Artificial Intelligence ,
Data Privacy ,
Data Processing Rules ,
Data Protection ,
Data Transfers ,
Due Diligence ,
Federal Trade Commission (FTC) ,
FTC Act ,
Internet ,
Online Platforms ,
Privacy Policy ,
Unfair or Deceptive Trade Practices ,
Websites
This newsletter provides updates employers should be aware of heading into 2024, including an outline of the updated 2024 retirement and welfare plan limits, instructions related to the “gag order” attestation requirements...more
11/16/2023
/ 401k ,
403(b) Plans ,
Benefit Plan Sponsors ,
Centers for Medicare & Medicaid Services (CMS) ,
Data Privacy ,
Department of Labor (DOL) ,
Employee Benefits ,
Employee Retirement Income Security Act (ERISA) ,
Employees ,
Fiduciary ,
Fiduciary Rule ,
Gag Clauses ,
Health and Welfare Plans ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Health Plan Sponsors ,
Investment Adviser ,
Popular ,
Retirement Plan ,
Securities and Exchange Commission (SEC)
Summer 2023 gave us a blast of new and distinctive consumer health data privacy legislation. The Washington legislature could not wait to start showing off and splashing around in the summer sun by passing the country’s...more
As of September 1, 2023, the U.S. Department of Health and Human Services (“HHS”) Office of Inspector General (“OIG”) can officially begin enforcement against Certified Health Information Technology (“HIT”) developers, health...more
9/11/2023
/ 21st Century Cures Act ,
Anti-Kickback Statute ,
Centers for Medicare & Medicaid Services (CMS) ,
Civil Monetary Penalty ,
Department of Health and Human Services (HHS) ,
Final Rules ,
Health Care Providers ,
Health Information Technologies ,
Healthcare ,
Information Blocking Rules ,
OIG
This is Part Twelve, the final installment of our series of legal updates on the Washington My Health My Data Act (“WMHMDA”). We are thrilled that you came along as we dove into the intricacies of WMHMDA that are creating...more
8/30/2023
/ Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Electronic Protected Health Information (ePHI) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Patient Privacy Rights ,
Personal Data ,
PHI ,
Washington
This is Part Eleven in a series of legal updates on the Washington My Health My Data (“WMHMDA”), where Quarles continues its deep dive into the various factors and intricacies of WMHMDA that are creating waves in the privacy...more
8/23/2023
/ Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Electronic Protected Health Information (ePHI) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Patient Privacy Rights ,
Personal Data ,
PHI ,
Washington
This is Part Ten in a series of legal updates on the Washington My Health My Data Act (“WMHMDA”), where Quarles continues its deep dive into the various factors and intricacies of WMHMDA that are creating waves in the privacy...more
This is Part Six in a series of legal updates on the Washington My Health My Data Act (“WMHMDA”) in which Quarles continues its deep dive into the various factors and intricacies of WMHMDA that are creating waves in the...more
This is Part Three in a series of legal updates on the Washington My Health My Data Act (“WMHMDA”) where Quarles continues its deep dive into the various factors and intricacies of WMHMDA that are creating tidal waves in the...more
6/14/2023
/ Biometric Information ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Health Technology ,
Healthcare ,
Medical History ,
Mental Health ,
Personal Data ,
Personally Identifiable Information ,
Popular
Effective today, October 6, 2022, the Information Blocking Rule will expand in scope to prohibit interfering with access or exchange of information in a designated record set. With this expansion of the Information Blocking...more
Spring and summer have been busy seasons in the data privacy and security space. Here are some recent health updates to keep you up to speed...more
On October 6, 2021, California Governor Gavin Newsom signed into law the Genetic Information Privacy Act (GIPA). This follows Governor Newsom’s veto of an earlier version of the bill almost exactly one year ago. ...more
Does HIPAA prevent businesses from asking whether customers or clients are vaccinated? (No). Does HIPAA prevent an employer from requiring an employee to disclose vaccination status? (No). Does HIPAA prohibit doctors from...more