Following the Supreme Court’s ruling overturning Roe v. Wade in Dobbs v. Jackson Women’s Health Organization, the Biden Administration has outlined a framework for federal executive action designed to protect access to...more
7/21/2022
/ Biden Administration ,
Covered Entities ,
Department of Health and Human Services (HHS) ,
Dobbs v. Jackson Women’s Health Organization ,
Executive Orders ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Privacy Rule ,
New Guidance ,
PHI ,
Reproductive Healthcare Issues
Last week, Representatives Frank Pallone (D-NJ) and Cathy McMorris Rodgers (R-WA) and Senator Roger Wicker (R-MS) released a draft federal privacy proposal titled the American Data Privacy and Protection Act (ADPPA). ADPPA is...more
6/8/2022
/ California Consumer Privacy Act (CCPA) ,
Congressional Committees ,
Consumer Privacy Rights ,
Covered Entities ,
Data Privacy ,
Duty of Loyalty ,
Enforcement ,
Gramm-Leach-Blilely Act ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Preemption ,
Private Right of Action ,
Proposed Legislation ,
Sensitive Personal Information ,
State Privacy Laws
On April 20, 2022, Connecticut’s Senate passed S.B. 6, an Act concerning Personal Data Privacy and Online Monitoring. The comprehensive privacy bill will now move to the Connecticut House, where it has the potential to become...more
Last week, two bills were proposed in Congress aimed at improving consumer privacy protection. These proposals focus on specific areas of privacy law – health data that falls outside of HIPAA and do-not-track signals....more
Last week, the Federal Trade Commission (“FTC”) released two guidance documents to aid in compliance with its Health Breach Notification Rule (“the Rule”), which requires “vendors of personal health records” or “PHR related...more
Despite its antecedents in one of the most widely cited law review articles of all time from more than 130 years ago, modern United States privacy law is roughly twenty years old. Even though still in its relative infancy,...more
7/8/2021
/ Big Data ,
California Consumer Privacy Act (CCPA) ,
Data Breach ,
Data Privacy ,
Data Security ,
Enforcement ,
General Data Protection Regulation (GDPR) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Personal Data ,
Personal Information ,
Preemption ,
Privacy Laws ,
Private Right of Action ,
Sensitive Personal Information ,
State Privacy Laws
On June 7, 2021, the Colorado House of Representatives passed the Colorado Privacy Act (CPA), a comprehensive privacy law similar to the California Privacy Rights Act (CPRA) and California Consumer Privacy Act (CCPA), as well...more
6/9/2021
/ Business Associates ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Covered Entities ,
Data Controller ,
Data Privacy ,
Exemptions ,
General Data Protection Regulation (GDPR) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Opt-Outs ,
Pending Legislation ,
Personal Data ,
Sensitive Personal Information ,
State Privacy Laws
On January 15, 2021, the Fifth Circuit vacated a $4.3 million penalty that the Office of Civil Rights (OCR) at the Department of Health and Human Services (HHS) had issued against the University of Texas M.D. Anderson Cancer...more
On December 19, the Senate passed H.R.7898, which the House of Representatives had previously passed on December 9. This law amends the Health Information Technology for Economic and Clinical Health (HITECH) Act to require...more
12/23/2020
/ 21st Century Cures Act ,
Business Associates ,
Covered Entities ,
Cybersecurity ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Privacy Rule ,
HITECH Act ,
NIST ,
Penalties ,
Rulemaking Process
Following a pattern of familiarity for health lawyers, the Department of Health and Human Services (HHS) has released a substantial Notice of Proposed Rulemaking (NPRM) in December at the end of an administration. The NPRM is...more
Health-care privacy is at a crossroads. For almost 20 years, the health-care industry has addressed the requirements of the HIPAA Privacy and Security Rules, building reasonable and appropriate compliance programs from an...more
We hope you have read about the reporting on potential ransomware attacks on US hospitals and perhaps other health care providers. If you have not, please review this guidance from the government agencies involved in this...more
In a flurry of legislative activity, the California legislature passed a number of last-minute privacy bills that now await the signature of Governor Gavin Newsom in order to go into effect. As was expected, the California...more
I am not a real academic. I teach privacy law very part-time as an adjunct professor. I am a full-time law firm partner, focusing on privacy and data security issues.
I have been teaching formal privacy and data security...more
This second installment assesses options for moving forward to address emerging gaps and an evolving health care industry. Why? Because the substantial history behind the Health Insurance Portability and Accountability Act...more
2/10/2020
/ California Consumer Privacy Act (CCPA) ,
CMIA ,
Covered Entities ,
Data Privacy ,
Data Protection ,
General Data Protection Regulation (GDPR) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Legislative Agendas ,
Privacy Laws ,
Proposed Legislation
In the U.S., we do not, today, have a national privacy law. Pressure from the EU, via the General Data Protection Regulation, and from California, via the California Consumer Privacy Act, are driving an extensive national...more
The United States has always had privacy law. For most of our history it mainly regulated the government in connection with its citizens.
About 20 years ago we started modern privacy - presumably why we have Data Privacy...more
The purpose of this article is to provide background information on the California Consumer Privacy Act and specifically the exemptions that generally will be applicable to the insurance industry. While developing a...more
1/28/2020
/ B2B Organizations ,
California Consumer Privacy Act (CCPA) ,
California Financial Information Privacy Act (CFIPA) ,
Compliance ,
Employee Privacy Rights ,
Exemptions ,
GLBA Privacy ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Insurance Industry ,
Personal Information ,
Security and Privacy Controls ,
State Attorneys General
Congress is debating whether to enact a national privacy law. Such a law would upend the approach that has been taken so far in connection with privacy law in the United States, which has either been sector specific...more
The HIPAA privacy rules have been in the news a lot lately. That’s good, but not when it’s for the wrong reasons or based on a misunderstanding of the rules....more