Whenever the topic of health and medical data comes up, the prevailing assumption often is that any of this information is subject to the federal Health Insurance Portability and Accountability Act (HIPAA) just by virtue of...more
On March 18, 2024, the Office of Civil Rights (“OCR”) within the Department of Health and Human Services (“HHS”) updated prior guidance concerning the use of online tracking technologies, including cookies, by Covered...more
5/31/2024
/ Business Associates ,
Cookies ,
Covered Entities ,
Department of Health and Human Services (HHS) ,
Guidance Update ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Mobile Apps ,
OCR ,
PHI ,
Popular ,
Tracking Systems ,
Web Tracking
The Cyber Incident Reporting for Critical Infrastructure Act (“CIRCIA” or “the Act”) is a new federal law, adopted in March 2022, which requires critical infrastructure entities to report certain cybersecurity incidents and...more
7/1/2022
/ Compliance ,
Covered Entities ,
Critical Infrastructure Sectors ,
Cyber Attacks ,
Cyber Incident Reporting ,
Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) ,
Cybersecurity ,
Enforcement ,
New Legislation ,
Ransomware ,
Reporting Requirements
In the last year, we continued to see a shift in the privacy landscape of the United States, including the passage of comprehensive privacy legislation in both Virginia and Colorado, while other states still have bills under...more
1/21/2022
/ California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
COPPA ,
Covered Entities ,
Data Collection ,
FERPA ,
GLBA Privacy ,
Health Insurance Portability and Accountability Act (HIPAA) ,
International Data Transfers ,
Personal Information ,
Prior Express Consent ,
Proposed Legislation
Although it received little notice, the CCPA was amended effective January 1, 2021 to clarify and modify the exemption relating to de-identified data, with particular focus on medical data. Specifically, AB 713 amended the...more