Digital health companies increasingly rely on AI-powered messaging platforms, chatbots, and virtual assistants to engage patients through text and voice. However, a June 2025...more
For AI companies in the health care space, data is everything. It fuels model performance, drives product differentiation, and can make or break scalability. Yet too often, data rights are vaguely defined or completely...more
6/26/2025
/ Artificial Intelligence ,
Contract Terms ,
Data Privacy ,
Data Protection ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Liability ,
Patient Privacy Rights ,
PHI ,
Regulatory Requirements ,
Risk Management
HIPAA Security Risk Analyses (SRAs) should be the foundation of every digital health company’s cybersecurity compliance. Far more than a checkbox exercise, a comprehensive SRA...more
6/19/2025
/ Acquisitions ,
Artificial Intelligence ,
Cybersecurity ,
Data Security ,
Digital Health ,
Due Diligence ,
Electronic Protected Health Information (ePHI) ,
Enforcement Actions ,
HIPAA Security Rule ,
Mergers ,
OCR ,
PHI ,
Risk Management ,
Vendors
AI scribes are quickly becoming the digital sidekick of modern health care. They promise to reduce clinician burnout, streamline documentation, and improve the patient experience. But as health care providers and digital...more
6/10/2025
/ Artificial Intelligence ,
Compliance ,
Data Privacy ,
Data Security ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Machine Learning ,
PHI ,
Popular ,
Risk Management
While most state data breach notification statutes contain similar components, there are important differences, meaning a one-size-fits-all approach to notification will not suffice. What’s more, as data breaches continue to...more
6/10/2025
/ Compliance ,
Corporate Counsel ,
Data Breach ,
Data Privacy ,
Disclosure Requirements ,
Personal Information ,
Personally Identifiable Information ,
Privacy Laws ,
Regulatory Requirements ,
Reporting Requirements ,
State Privacy Laws
Artificial intelligence (AI) is widely transforming digital health, including by automating certain patient communications. However, as health care companies consider deploying AI-driven chatbots, texting platforms, and...more
5/29/2025
/ Artificial Intelligence ,
ATDS ,
Automation Systems ,
Compliance ,
Consent ,
Digital Health ,
Facebook Inc v Duguid ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Regulatory Requirements ,
Risk Assessment ,
SCOTUS ,
TCPA
Artificial intelligence (AI) is rapidly reshaping the digital health sector, driving advances in patient engagement, diagnostics, and operational efficiency. However, for Privacy Officers, AI’s integration into digital health...more
5/9/2025
/ Artificial Intelligence ,
Bias ,
Compliance ,
Data Privacy ,
Data Security ,
Digital Health ,
Health Insurance Portability and Accountability Act (HIPAA) ,
PHI ,
Privacy Laws ,
Regulatory Requirements ,
Risk Management
Editor’s Note: PYA and Foley & Lardner hosted the 7th Annual “Let’s Talk Compliance” two-day virtual conference on January 23 and 24, 2025. Panelists included Foley attorneys and PYA subject matter experts. The event was...more
3/5/2025
/ Compliance ,
Cybersecurity ,
Data Privacy ,
Department of Government Efficiency (DOGE) ,
Department of Health and Human Services (HHS) ,
Fraud ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Medicaid ,
Medicare ,
OIG ,
Risk Assessment ,
Third-Party
The New York Health Information Privacy Act (NYHIPA), if enacted, could create a chilling effect on patient access and engagement to readily available digital health care services relied upon by New Yorkers. Digital health...more
1/24/2025
/ Compliance ,
Data Privacy ,
Digital Health ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Mental Health ,
New Legislation ,
New York ,
Patient Privacy Rights ,
Privacy Laws ,
Regulatory Requirements ,
State Privacy Laws
Material updates to the HIPAA Security Rule could be on the way — affecting all HIPAA-regulated entities — for the first time in two decades. The Department of Health and Human Services (HHS) issued a Notice of Proposed...more
1/7/2025
/ Cyber Threats ,
Cybersecurity ,
Data Privacy ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Hackers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HIPAA Security Rule ,
Multi-Factor Authentication ,
NIST ,
Notice of Proposed Rulemaking (NOPR) ,
Policies and Procedures ,
Proposed Rules ,
Ransomware ,
Risk Management
The amendments to the HIPAA Privacy Rule designed to protect reproductive health care information (Amendments) are under legal challenge as the compliance date quickly approaches.
As discussed in more detail in our...more
12/20/2024
/ Administrative Procedure Act ,
Compliance ,
Data Privacy ,
Department of Health and Human Services (HHS) ,
Dobbs v. Jackson Women’s Health Organization ,
Enforcement ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Privacy Rule ,
Medical Records ,
New Amendments ,
Privacy Laws ,
Reproductive Healthcare Issues ,
SCOTUS
Recognizing the increasing number of successful cyberattacks targeting health care organizations and their valuable patient data, the Office of the Inspector General (OIG) is calling for enhancements to the HIPAA audit...more
12/10/2024
/ Audits ,
Breach Notification Rule ,
Compliance ,
Cyber Attacks ,
Cybersecurity ,
Department of Justice (DOJ) ,
Enforcement ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Security Rule ,
Noncompliance ,
OCR ,
OIG ,
PHI ,
Vulnerability Assessments
While most state data breach notification statutes contain similar components, there are important differences, meaning a one-size-fits-all approach to notification will not suffice. What’s more, as data breaches continue to...more
Since the passage of the California Consumer Privacy Act (CCPA) in 2018, other U.S. states have followed suit by enacting comprehensive consumer data privacy laws in rapid succession. While these state consumer privacy laws...more
HIPAA regulated entities may now begin implementing the amendments to the HIPAA Privacy Rule to provide additional protections for reproductive health care information...more
Following the Vermont Senate’s failure to override Governor Phil Scott’s veto of the Vermont Data Privacy Act (VDPA), the much-discussed bill will not be enacted into law – at least in its current form. As passed by the...more
Pixels, cookies, and trackers continue to be front of mind for HIPAA regulated entities seeking clarity on their ability to advertise, market, and engage with existing and prospective patients. On March 18, 2024, the U.S....more
3/21/2024
/ Cybersecurity ,
Data Security ,
Department of Health and Human Services (HHS) ,
Health Information Technologies ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Innovative Technology ,
Privacy Laws ,
Tracking Systems ,
Web Tracking ,
Websites
In an important development for HIPAA-regulated entities looking for practical assistance in understanding, implementing, and enhancing compliance with the HIPAA Security Rule, the National Institute of Standards and...more
Editor’s Note: PYA and Foley & Lardner hosted the 6th Annual “Let’s Talk Compliance” two-day Virtual Conference on January 18 and 19, 2024. Panelists included Foley & Lardner attorneys and PYA experts. The event was hosted by...more
Substance Use Disorder (SUD) programs and HIPAA-regulated entities seeking to streamline their privacy and security practices and workflows received welcome news from the U.S. Department of Health & Human Services (HHS) last...more
2/13/2024
/ Applicability Date ,
Breach Notification Rule ,
CARES Act ,
Consent ,
Department of Health and Human Services (HHS) ,
Disclosure Requirements ,
Electronic Protected Health Information (ePHI) ,
Final Rules ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
Notice of Proposed Rulemaking (NOPR) ,
Patient Rights ,
Penalties ,
PHI ,
Substance Abuse
On January 16, 2024, New Jersey Governor Phil Murphy signed Senate Bill (SB) 332, establishing New Jersey’s consumer data privacy law, the New Jersey Data Privacy Act (NJDPA) which will be effective January 15, 2025. This...more
1/25/2024
/ California Privacy Rights Act (CPRA) ,
CDPA ,
Data Protection ,
Enforcement ,
FERPA ,
Fines ,
Gramm-Leach-Bliley Act ,
Health Insurance Portability and Accountability Act (HIPAA) ,
New Jersey ,
New Legislation ,
Opt-Outs ,
Personal Data ,
Popular ,
Privacy Laws ,
State Privacy Laws ,
Transparency
On November 14, 2023, the Wisconsin State Assembly passed Assembly Bill 466, otherwise known as the Wisconsin Data Privacy Act (WDPA). The bill passed on its third reading and was immediately ordered to the Wisconsin State...more
11/28/2023
/ Colleges ,
Consent ,
Data Processors ,
Data Protection ,
Enforcement ,
Gramm-Leach-Bliley Act ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Nonprofits ,
Notification Requirements ,
Opt-Outs ,
Personal Information ,
Right To Know ,
Sensitive Personal Information ,
State Data Privacy Laws ,
Universities ,
Wisconsin
Recognizing the evolving landscape of care delivery and growth of telehealth, the U.S. Department of Health and Human Services (HHS) published a resource guide aimed at assisting telehealth providers in explaining the privacy...more
On October 10, 2023, California Governor Gavin Newsom signed into law SB-362, a measure amending existing California laws regulating data brokers and granting California residents the right to delete all personal information...more
While most state data breach notification statutes contain similar components, there are important differences, meaning a one-size-fits-all approach to notification will not suffice. What’s more, as data breaches continue to...more