Whenever the topic of health and medical data comes up, the prevailing assumption often is that any of this information is subject to the federal Health Insurance Portability and Accountability Act (HIPAA) just by virtue of...more
The vast majority of commentary and public advice concerning data breaches surround, deservedly, the breach itself. This focus is only natural; it is the breach itself that requires victims to bring enormous resources to bear...more
With the onslaught of new privacy, AI and cyber legislation coupled with promises for enforcement and class action litigation, running a well-functioning and flexible privacy and cyber program is increasingly a critical...more
1/29/2025
/ Consumer Privacy Rights ,
Cookies ,
Cyber Incident Reporting ,
Data Breach ,
Data Privacy ,
Data Protection ,
Electronic Protected Health Information (ePHI) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Privacy Laws ,
Risk Management ,
Security and Privacy Controls ,
Sensitive Personal Information ,
State Privacy Laws
On March 18, 2024, the Office of Civil Rights (“OCR”) within the Department of Health and Human Services (“HHS”) updated prior guidance concerning the use of online tracking technologies, including cookies, by Covered...more
5/31/2024
/ Business Associates ,
Cookies ,
Covered Entities ,
Department of Health and Human Services (HHS) ,
Guidance Update ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Mobile Apps ,
OCR ,
PHI ,
Popular ,
Tracking Systems ,
Web Tracking
As with a growing number of states, Connecticut passed a comprehensive consumer privacy law, the Connecticut Data Privacy Act (the “CTDPA”), on May 10, 2022. The CTDPA becomes effective on July 1, 2023 and, in spite of the...more
7/3/2023
/ Amended Legislation ,
Consent ,
Consumer Privacy Rights ,
COPPA ,
Data Controller ,
Data Deletion ,
Data Processors ,
Data Selling ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Minors ,
PHI ,
Sensitive Personal Information ,
State Privacy Laws
On April 27, 2023, the Washington state governor signed into law the My Health My Data Act, also known as the MHMDA. The majority of the law’s provisions will take effect on March 31, 2024, providing companies with one...more
In the last year, we continued to see a shift in the privacy landscape of the United States, including the passage of comprehensive privacy legislation in both Virginia and Colorado, while other states still have bills under...more
1/21/2022
/ California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
COPPA ,
Covered Entities ,
Data Collection ,
FERPA ,
GLBA Privacy ,
Health Insurance Portability and Accountability Act (HIPAA) ,
International Data Transfers ,
Personal Information ,
Prior Express Consent ,
Proposed Legislation
Although it received little notice, the CCPA was amended effective January 1, 2021 to clarify and modify the exemption relating to de-identified data, with particular focus on medical data. Specifically, AB 713 amended the...more