If enacted, the New York Health Information Privacy Act (“NYHIPA”) will be the latest in a series of state privacy laws that regulate health data outside of the traditional health care context. It would follow the passage of...more
Recent enforcement actions, audit activity, proposed rulemakings, and guidance issued by the U.S. Department of Health and Human Services (“HHS”), Office for Civil Rights (“OCR”) highlight the agency’s focus on health data...more
1/17/2025
/ Artificial Intelligence ,
Audits ,
Compliance ,
Cyber Attacks ,
Cybersecurity ,
Data Privacy ,
Data Security ,
Enforcement Actions ,
Health Insurance Portability and Accountability Act (HIPAA) ,
OCR ,
Ransomware ,
Risk Management
The HIPAA Privacy Rule has been modified by the US Department of Health and Human Services (HHS) to increase privacy protections for reproductive health care information. These changes, which will take effect in early 2026,...more
The Federal Trade Commission (FTC) recently has signaled its intent to inject new life into a longstanding but rarely triggered rule governing health breach notifications for non-HIPAA-covered health records. Specifically,...more
2/28/2022
/ Breach Notification Rule ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Digital Health ,
Federal Trade Commission (FTC) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Popular
A new Policy Statement from the US Federal Trade Commission places companies that offer consumer-facing health apps and connected health and wellness devices on notice that they may be covered by a Health Breach Notification...more
10/6/2021
/ American Recovery and Reinvestment Act ,
Application Programming Interface (APIs) ,
Breach Notification Rule ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Department of Health and Human Services (HHS) ,
Federal Trade Commission (FTC) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Mobile Health Apps ,
Policy Statement ,
Popular
As we have previously highlighted, the California Privacy Rights Act (CPRA) creates a new category of personal information, called “sensitive personal information.” While the CPRA’s predecessor, the California Consumer...more
New York AG Settles Data Protection Enforcement Against Mobile Health Apps -
After a year-long investigation into mobile health apps claiming to be able to measure vital signs or health indicators through smartphone...more
4/28/2017
/ App Developers ,
Cybersecurity Framework ,
Data Privacy ,
Data Protection ,
Enforcement Actions ,
Financial Institutions ,
Food and Drug Administration (FDA) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Insurance Industry ,
Marketing ,
Medical Devices ,
Misleading Statements ,
Mobile Health Apps ,
NYDFS ,
PHI ,
Popular ,
Regulatory Standards ,
Settlement ,
Smartphones