On January 18, the New Hampshire legislature passed on a bipartisan basis its version of the state comprehensive privacy law first adopted by Virginia in 2021 and subsequently by more than ten other states, most recently New...more
The Vermont Legislature is considering its version (S.173) of Washington’s My Health My Data Act to regulate non-HIPAA health data. If enacted, the Vermont law would take effect on January 1, 2025. The bill is premised on a...more
1/26/2024
/ Data Protection ,
Data Security ,
Electronic Protected Health Information (ePHI) ,
Health Care Providers ,
Healthcare ,
Patient Privacy Rights ,
Pending Legislation ,
Personal Data ,
Regulatory Agenda ,
Regulatory Reform ,
State Data Privacy Laws ,
Vermont
On January 8, 2024, New York Governor Kathy Hochul and the New York Office of Information Technology Services (NY ITS) announced two major initiatives on artificial intelligence (AI) that will impact private and public...more
1/10/2024
/ Artificial Intelligence ,
Automation Systems ,
Cooperation Initiative ,
Corporate Counsel ,
Cybersecurity ,
Data Management ,
Data Privacy ,
Healthcare ,
Innovative Technology ,
Intellectual Property Protection ,
Machine Learning ,
New York ,
Popular ,
Regulatory Agenda ,
Risk Assessment
Hospitals, health systems and providers are targets of cyberattacks at an alarming rate, putting patient data, electronic infrastructure and, most importantly, patient lives at risk. The Department of Health and Human...more
1/3/2024
/ Continuing Legal Education ,
Cyber Attacks ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Electronic Protected Health Information (ePHI) ,
Enforcement ,
Health Care Providers ,
Healthcare Facilities ,
Hospitals ,
New York ,
Popular ,
Proposed Regulation ,
Ransomware ,
Risk Mitigation ,
Webinars
Balancing cybersecurity incident disclosures has been a challenge for those in the trenches for years. That has not changed, and recent regulatory activity should not alter the challenges breach counsel confront. In short,...more
12/15/2023
/ Cybersecurity ,
Data Breach ,
Data Protection ,
Federal Breach Notification Standard ,
Financial Institutions ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
NYDFS ,
Popular ,
Publicly-Traded Companies ,
Securities and Exchange Commission (SEC) ,
State Data Breach Notification Statutes
With recent events underscoring the Federal Trade Commission’s (FTC) heightened scrutiny of and enforcement efforts against health app companies collecting or using consumer health information, it's imperative for these same...more
9/5/2023
/ Best Practices ,
Breach Notification Rule ,
Continuing Legal Education ,
Contract Drafting ,
Contract Negotiations ,
Data Breach ,
Data Collection ,
Data Privacy ,
Data Security ,
Data-Sharing ,
Due Diligence ,
Electronic Protected Health Information (ePHI) ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Mobile Health Apps ,
Notification Requirements ,
Privacy Policy ,
Proposed Rules ,
Service Agreements ,
Terms of Service ,
Third-Party Risk ,
Webinars
The plaintiff’s bar continues to bring new wiretapping claims over pixels and analytics programs in courts around the country, including against hospitals and other entities covered by the Health Insurance Portability and...more
8/22/2023
/ Data Privacy ,
Data Protection ,
Data Security ,
Department of Health and Human Services (HHS) ,
Federal Trade Commission (FTC) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HITECH Act ,
Metadata ,
OCR ,
Privacy Rule
Covered entities are used to ensuring that many different facets of their operations comply with Health Insurance Portability and Accountability Act (HIPAA) rules. Among other things, covered entities must ensure that they...more
Wiretapping claims have become the focus of the privacy plaintiff’s bar. These cases are everywhere, and the hospital industry in particular has been in the crosshairs of recent filings (with as many as a couple of dozen new...more
Synopsis: While certain industries have been able to navigate the explosion of privacy laws in recent times through express statutory exemptions or exceptions (often due to other regulatory regimes being in place, such as the...more
3/6/2023
/ Biometric Information ,
Biometric Information Privacy Act ,
Data Collection ,
Data Privacy ,
Financial Institutions ,
GLBA Privacy ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Information Technology ,
State Privacy Laws ,
Vendors
Hospitals, health systems and providers are targets of cyberattacks, putting valuable patient data and, more importantly, patient lives at risk. The Department of Health and Human Services’ Office of Civil Rights reported an...more
2/22/2023
/ Continuing Legal Education ,
Cyber Attacks ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Digital Health ,
Electronic Protected Health Information (ePHI) ,
Health Care Providers ,
Healthcare Facilities ,
Hospitals ,
Patient Safety ,
Popular ,
Ransomware ,
Risk Mitigation ,
Webinars
Synopsis. The Ohio Supreme Court ruled last week that insurance coverage was not available to a cloud-based medical software provider because, under the applicable insurance policy, “[c]omputer software cannot experience...more
Right now, beginning on January 1, 2023, the California Consumer Privacy Act (the CCPA), as amended by the passage of the California Privacy Rights Act in the November 2020 election, will apply to personal information...more
What Is the Current Status of Federal and State Privacy Law?
Federal Privacy Law -
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is the primary federal law that protects patients’ health care...more
Recent events illustrate that the e-gaming industry—developers, publishers, esports leagues and teams, and the financial machinations behind them—are significant targets for cyberattacks, theft and cyber-criminality....more
5/3/2022
/ Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
eSports ,
Malware ,
Metaverse ,
Online Gaming ,
Online Platforms ,
Popular ,
Risk Mitigation ,
Video Games ,
Vulnerability Assessments ,
Websites
Join an interdisciplinary panel of Manatt professionals for the third of a three-part webinar series on the metaverse and the dawn of the Web3 era.
While Parts One and Two of our series focused on the blockchain basics and...more
To close out 2021, the European Data Protection Board (EDPB) adopted additional General Data Protection Regulation (GDPR) data breach notification guidelines in Guidelines 01/2021 on Examples regarding Personal Data Breach...more
3/7/2022
/ Breach Notification Rule ,
Cybersecurity ,
Data Breach ,
Data Protection ,
EU ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
New Guidance ,
Personal Data ,
Popular ,
Reporting Requirements
On November 18, the Office of the Comptroller of the Currency, the Federal Reserve and the Federal Deposit Insurance Corporation (FDIC) adopted a rule that will require banking organizations and their bank service providers...more
Last year, as employees clicked away at home amid the COVID-19 pandemic lockdown, ransomware attacks surged, with hospitals and other health care providers the top target. This year will be worse—2021 has already seen more...more
11/12/2021
/ Bitcoin ,
Cryptocurrency ,
Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Economic Sanctions ,
Hackers ,
Office of Foreign Assets Control (OFAC) ,
Ransomware ,
Risk Management ,
Virtual Currency
In late October, the Consumer Financial Protection Bureau (CFPB) sent a shot across the bow at Big Tech’s use of consumer payments data. While much of the industry has focused on the impact on Big Tech, some lenders, lead...more
11/5/2021
/ Big Tech ,
Consumer Financial Products ,
Consumer Financial Protection Bureau (CFPB) ,
Consumer Information ,
Data Brokers ,
Data Management ,
Data-Sharing ,
Financial Institutions ,
Financial Services Industry ,
Payment Systems ,
Popular ,
Third-Party Service Provider
On March 2, Virginia Governor Ralph Northam signed the Consumer Data Protection Act (CDPA), making Virginia the latest state to enact a cross-industry privacy rights law. The CDPA displays a blend of concepts from two leading...more
3/5/2021
/ Consumer Privacy Rights ,
Data Collection ,
Data Controller ,
Data Management ,
Data Privacy ,
Information Governance ,
Opt-Outs ,
Personal Data ,
Personally Identifiable Information ,
State Privacy Laws ,
Virginia
Underwriting is critical to insurance profits: Identify, qualify, and quantify the risk that an insurance policy covers and set the premiums across a pool of the policies to cover the risk. It is the original hedge fund, in...more
While global media outlets have focused attention on election security, major U.S. healthcare facilities have been under direct cyberattacks in recent months. This follows disruptive cyberattacks on municipalities earlier...more
Alleged violations of privacy laws continue to bedevil the federal courts—in particular, with respect to determining whether an alleged violation creates a sufficiently concrete and redressable grievance to permit the federal...more
12/4/2020
/ Article III ,
Biometric Information ,
Biometric Information Privacy Act ,
Data Collection ,
Data Privacy ,
Data Retention ,
Employee Privacy Rights ,
Injury-in-Fact ,
Jurisdiction ,
LMRA ,
Standing
On November 3, 2020, Californians voted to approve Proposition 24, a ballot measure that creates the California Privacy Rights Act (CPRA). The CPRA amends and expands the California Consumer Privacy Act (CCPA)—California’s...more
11/18/2020
/ Ballot Measures ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Opt-Outs ,
Personal Information ,
Sensitive Personal Information