A federal judge in Texas has vacated almost all of the 2024 HIPAA Rule to Support Reproductive Health Care Privacy that created special protections for reproductive health care information, finding that the U.S. Department of...more
6/26/2025
/ Abortion ,
Data Privacy ,
Department of Health and Human Services (HHS) ,
Enforcement Actions ,
Fertility Treatments ,
Final Rules ,
Gender Identity ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HIPAA Privacy Rule ,
Patient Access ,
Patient Privacy Rights ,
Regulatory Requirements ,
Reproductive Healthcare Issues ,
Statutory Authority ,
Vacated ,
Women's Rights
Last week, on March 24, Virginia Governor Glenn Youngkin signed SB 754, which amends the Virginia Consumer Protection Act (Act) to regulate obtaining and disclosing “reproductive or sexual health information” by any...more
4/3/2025
/ Consent ,
Consumer Privacy Rights ,
Data Collection ,
Enforcement Actions ,
Healthcare ,
New Legislation ,
Patient Privacy Rights ,
Pregnancy ,
Regulatory Requirements ,
Reproductive Healthcare Issues ,
State Privacy Laws ,
Virginia
Members of the health care and financial industries, along with other industries that hold sensitive data, are warned that a ChatGPT vulnerability is being actively exploited by threat actors to attack security flaws in AI...more
3/24/2025
/ Artificial Intelligence ,
Banks ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Security ,
Financial Institutions ,
Health Care Providers ,
Healthcare ,
Healthcare Facilities ,
Machine Learning ,
NIST ,
Risk Management ,
Vulnerability Assessments
On February 20, 2025, the U.S. Department of Health and Human Services (“HHS”) took action pursuant to President Trump’s Executive Order 14187 (“EO 14187”), which is aimed at ending gender affirming care for minors. EO 14187...more
2/21/2025
/ Data Privacy ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Executive Orders ,
Gender Expression ,
Gender Identity ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
LGBTQ ,
Patient Access ,
Patient Privacy Rights ,
PHI ,
Reproductive Healthcare Issues ,
Transgender ,
Trump Administration
It took some time, but we officially have the first complaint filed alleging violations of the Washington My Health, My Data Act (“MHMDA”). The complaint, filed February 10 in the U.S. District Court Western District of...more
2/14/2025
/ Amazon Marketplace ,
Biometric Information ,
Class Action ,
Consumer Privacy Rights ,
Data Collection ,
Data Privacy ,
Healthcare ,
PHI ,
Prior Express Consent ,
State Privacy Laws ,
Statutory Violations ,
Targeted Digital Advertising ,
Washington ,
Wiretapping
‘Tis the season for holiday baking and the elves at the U.S. Department of Health and Human Services (HHS), through its Office for Civil Rights (OCR), have been diligently crafting their own holiday treat. On December 27,...more
1/2/2025
/ Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HIPAA Breach ,
HIPAA Security Rule ,
HIPAA Violations ,
Life Sciences ,
NPRM ,
OCR ,
PHI ,
Regulatory Agenda ,
Rulemaking Process
December 23, 2024, was the compliance deadline for HIPAA covered entities and business associates to apply the protections of the HIPAA Privacy Rule to support Reproductive Health Care Privacy Final Rule—that is all covered...more
Providers and payers contracting with Arizona’s Medicaid agency, the Arizona Health Care Cost Containment System (“AHCCCS”), and all such AHCCCS contractors’ subcontracts must reference and require compliance with the AHCCCS...more
Friendly reminder – the Washington My Health My Data Act (“WMHMDA”) compliance deadline for regulated entities to post their consumer health data privacy policy is March 31, 2024 (June 30, 2024 for small businesses). A...more
2/29/2024
/ Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Electronic Protected Health Information (ePHI) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Patient Privacy Rights ,
Personal Data ,
Personally Identifiable Information ,
Policies and Procedures ,
Posting Requirements ,
Washington
On February 12, 2024, the U.S. Department of Health and Human Services (“HHS”) published a notice in the Federal Register regarding reinstatement of the Health Information Portability and Accountability Act of 1996 (“HIPAA”)...more
2/16/2024
/ Covered Entities ,
Data Protection ,
Department of Health and Human Services (HHS) ,
Federal Register ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HIPAA Audits ,
HIPAA Breach ,
HITECH Act ,
OCR ,
Patient Privacy Rights ,
PHI
Why is everyone talking about provider disclosures to law enforcement of late? The Senate Finance Committee authored a letter to Xavier Becerra, Secretary of the U.S. Department of Health and Human Services (HHS), outlining...more
1/12/2024
/ Data-Sharing ,
Department of Health and Human Services (HHS) ,
Disclosure Requirements ,
Dobbs v. Jackson Women’s Health Organization ,
Final Rules ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Information Requests ,
Law Enforcement ,
Life Sciences ,
Patient Privacy Rights ,
PHI ,
Roe v Wade
On December 13, the U.S. Department of Health and Human Services (HHS) through the Office of the National Coordinator for Health Information Technology (ONC) finalized its Health Data, Technology, and Interoperability:...more
Summer 2023 gave us a blast of new and distinctive consumer health data privacy legislation. The Washington legislature could not wait to start showing off and splashing around in the summer sun by passing the country’s...more
As of September 1, 2023, the U.S. Department of Health and Human Services (“HHS”) Office of Inspector General (“OIG”) can officially begin enforcement against Certified Health Information Technology (“HIT”) developers, health...more
9/11/2023
/ 21st Century Cures Act ,
Anti-Kickback Statute ,
Centers for Medicare & Medicaid Services (CMS) ,
Civil Monetary Penalty ,
Department of Health and Human Services (HHS) ,
Final Rules ,
Health Care Providers ,
Health Information Technologies ,
Healthcare ,
Information Blocking Rules ,
OIG
This is Part Twelve, the final installment of our series of legal updates on the Washington My Health My Data Act (“WMHMDA”). We are thrilled that you came along as we dove into the intricacies of WMHMDA that are creating...more
8/30/2023
/ Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Electronic Protected Health Information (ePHI) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Patient Privacy Rights ,
Personal Data ,
PHI ,
Washington
This is Part Eleven in a series of legal updates on the Washington My Health My Data (“WMHMDA”), where Quarles continues its deep dive into the various factors and intricacies of WMHMDA that are creating waves in the privacy...more
8/23/2023
/ Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Electronic Protected Health Information (ePHI) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Patient Privacy Rights ,
Personal Data ,
PHI ,
Washington
This is Part Ten in a series of legal updates on the Washington My Health My Data Act (“WMHMDA”), where Quarles continues its deep dive into the various factors and intricacies of WMHMDA that are creating waves in the privacy...more
This is Part Nine in a series of legal updates on the Washington My Health My Data (“WMHMDA”) where Quarles continues its deep dive into the various factors and intricacies of WMHMDA that are creating waves in the privacy...more
7/26/2023
/ California Privacy Rights Act (CPRA) ,
Consumer Privacy Rights ,
Data Breach ,
Data Collection ,
Data Privacy ,
Enforcement Guidance ,
Healthcare ,
Life Sciences ,
Personal Data ,
Private Right of Action ,
Washington
This is Part Eight in a series of legal updates on the Washington My Health My Data Act (“WMHMDA”) where Quarles continues its deep dive into the various factors and intricacies of WMHMDA that are creating waves in the...more
7/24/2023
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Data Subjects Rights ,
Healthcare ,
Personal Information ,
Popular ,
Privacy Laws ,
Washington
This is Part Three in a series of legal updates on the Washington My Health My Data Act (“WMHMDA”) where Quarles continues its deep dive into the various factors and intricacies of WMHMDA that are creating tidal waves in the...more
6/14/2023
/ Biometric Information ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Health Technology ,
Healthcare ,
Medical History ,
Mental Health ,
Personal Data ,
Personally Identifiable Information ,
Popular
This is Part Two in a series of legal updates on the Washington My Health My Data Act (“WMHMDA”) where Quarles is doing a deep dive into the various factors and intricacies of the Act that are shaping up to create a sea of...more
6/9/2023
/ B2B Organizations ,
California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Security ,
Electronic Protected Health Information (ePHI) ,
Geolocation ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Life Sciences ,
Personal Data ,
Washington
The Biden Administration announced that the federal COVID-19 Public Health Emergency (PHE) will expire at the end of the day on May 11, 2023. As we draw closer to the expiration date of the PHE, do you feel fine about your...more
3/20/2023
/ Biden Administration ,
Business Associates Agreement (BAA) ,
Data Privacy ,
Data Security ,
Department of Health and Human Services (HHS) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
OCR ,
Public Health Emergency ,
Telehealth ,
Telemedicine
March was a busy month for data privacy and security, especially as it relates to health care entities. To help keep you up to date with the changes, we’ve included a few highlights for you below...
...more
4/6/2022
/ Cybersecurity Framework ,
Data Protection ,
Electronic Protected Health Information (ePHI) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HIPAA Privacy Rule ,
Life Sciences ,
Patient Privacy Rights ,
Proposed Legislation ,
Regulatory Reform ,
State Data Breach Notification Statutes