Sports teams, leagues, agents and venues collecting personal information from athletes, fans and sponsors must comply with evolving privacy regulations. Here are key takeaways from a conversation Orrick recently hosted with...more
On February 10, 2025, a Washington state resident filed a lawsuit on behalf of herself and similarly situated individuals against Amazon under the Washington My Health My Data Act (MHMD). This is the first lawsuit brought...more
2/24/2025
/ Biometric Information ,
Class Action ,
Consent ,
Consumer Privacy Rights ,
Consumer Protection Laws ,
Data Collection ,
Data Privacy ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Personal Data ,
Privacy Laws ,
State Privacy Laws
Recently, the Department of Health and Human Services’ Office for Civil Rights (OCR) issued a notice of proposed rulemaking (NPRM) to update the Health Insurance Portability and Accountability Act (HIPAA) Security Rule—the...more
The Federal Trade Commission (FTC) has updated its Health Breach Notification Rule that applies to non-HIPAA, consumer health data. Among the revisions, the FTC expanded or introduced key definitions and modified the...more
7/31/2024
/ Breach Notification Rule ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Federal Trade Commission (FTC) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
PHI ,
Popular
The Department of Health and Human Services (HHS), through the Office for Civil Rights (OCR), has issued a final rule updating the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule in an effort to...more
The U.S. Department of Health & Human Services (HHS), through the Substance Abuse and Mental Health Services Administration (SAMHSA) and the Office for Civil Rights (OCR), has announced a final rule (the Rule) updating the...more
The Nevada legislature recently passed Senate Bill 370 (“Nevada’s Consumer Health Data Privacy Law”) aiming to impose broad requirements on collecting, using, and selling consumer health information. Nevada joins Washington...more
These days it’s easy to identify people using technology and databases, and that’s a problem if you are trying to comply with HIPAA or even GDPR because a lot of sensitive data eventually needs to be de-identified in a proper...more
Healthcare companies track visitors to websites and mobile apps with third-party technologies like cookies and pixels, but that widespread practice now comes with steadily growing risk. The Federal Trade Commission is...more
We expect many of the trends of 2021 in health data privacy to continue to pick up steam this year. See below for six noteworthy trends that life sciences and healthcare companies should continue to keep an eye on in 2022: ...more
Once reserved for routine doctors’ appointments, collecting health-related data has exploded as consumers start to monitor their own health metrics—everything from sleep and fertility to mental health and COVID-19—and...more
The Federal Trade Commission ("FTC") recently announced its intent to "vigorously" enforce its 2009 Health Breach Notification Rule (the "Rule") via a policy statement that sheds light on the Rule's scope. The policy...more
9/24/2021
/ Application Programming Interface (APIs) ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Federal Trade Commission (FTC) ,
FTC Act ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Mobile Apps ,
Mobile Health Apps ,
Personally Identifiable Information ,
Popular
Attacks on the life sciences and healthcare sectors (healthcare providers and health technology, medical device, pharmaceutical and biotechnology companies) increased significantly in the last year, including at the World...more