We are in an era where smartphones track sleep patterns, fitness apps monitor heart rates, and online searches reveal sensitive medical inquiries. As a result, the notion of “health data” has expanded dramatically. This...more
6/26/2025
/ Consumer Privacy Rights ,
Data Privacy ,
Digital Health ,
Enforcement Actions ,
FTC Act ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Healthcare Reform ,
Location Data ,
Medical Records ,
New Legislation ,
Privacy Laws ,
Regulatory Requirements ,
State and Local Government ,
State Privacy Laws ,
Technology
On Jan. 21, the New York Senate approved a groundbreaking health privacy bill, S-929. The legislation, modeled on Washington state’s My Health My Data Act, aims to extend protections over personal health information beyond...more
1/27/2025
/ Consumer Privacy Rights ,
Data Privacy ,
Data Protection ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
New Legislation ,
New York ,
Patient Privacy Rights ,
Personal Data ,
Personal Information ,
Privacy Laws ,
State Privacy Laws
On Dec. 27, the Department of Health and Human Services (HHS) issued proposed updates to the HIPAA Security Rule to address evolving cybersecurity threats in healthcare. Introduced through a Notice of Proposed Rulemaking...more
In 2024, the U.S. Department of Health and Human Services Office of Civil Rights (“OCR”) Director Melanie Fontes Rainer announced that OCR will resume auditing Health Information Portability and Accountability Act (“HIPAA”)...more
10/23/2024
/ Audits ,
Compliance ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
OCR ,
Risk Assessment
On Jan. 30, 2023, the Biden Administration announced its intent to end the national emergency and public health emergency declarations related to the COVID-19 pandemic on May 11, 2023. Thereafter on April 11, 2023, the...more
The U.S. Department of Health & Human Services (HHS), Office for Civil Rights (OCR), recently issued a Notice of Proposed Rulemaking (NPRM) that would prohibit the use or disclosure of protected health information (PHI) to...more
For the first time since it became law on Aug. 25, 2009, the Federal Trade Commission (“FTC”) has taken enforcement action under 16 C.F.R. § 318, also known as the Health Breach Notification Rule, with a $1.5 million civil...more
OCR’s HIPAA Right of Access Initiative shows no signs of slowing down. On July 15, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced the resolution of 11 more cases at a total of...more
The COVID-19 outbreak has led OCR to announce that it will exercise enforcement discretion to not impose penalties for HIPAA violations against healthcare providers treating patients through some commonly used social media...more
5/15/2020
/ Coronavirus/COVID-19 ,
Covered Entities ,
Data Privacy ,
Electronic Protected Health Information (ePHI) ,
Good Faith ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Violations ,
Mobile Apps ,
OCR ,
PHI ,
Social Media ,
Telehealth