Assembly Bill 1651, or the Workplace Technology Accountability Act, a new bill proposed by California Assembly Member Ash Kalra, would regulate employers and their vendors regarding the use of employee data.
Continue Reading California Assembly Proposes Data Privacy Law for Workers
Health Privacy
FDA Issues Draft Cybersecurity Guidance for Medical Devices
On April 8, 2022, the Food and Drug Administration issued Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submissions, a draft guidance document for industry and FDA staff. Industry stakeholders will have until July 7, 2022 to comment on the proposed guidance.
FTC Settles Children’s Privacy Case with WW (formerly Weight Watchers)
The Federal Trade Commission has reached a settlement with WW International, Inc. and Kurbo, Inc. over allegations the companies improperly registered children for the “Kurbo by WW” online weight loss management program. In pleadings filed on February 16, 2022, in federal court in the Northern District of California, the FTC claims WW and Kurbo offered…
FTC Publishes Health Breach Notification Rule Resources
On January 21, 2022, the Federal Trade Commission published two new resources for complying with the agency’s Health Breach Notification Rule. …
NJ Acting Attorney General Announces $425,000 Fine to Settle Breach Investigation
Earlier this month, New Jersey Acting Attorney General Andrew Bruck announced that the Division of Consumer Affairs had reached a $425,000 settlement with three New Jersey-based providers of cancer care over alleged failures to adequately safeguard patient data.
New Jersey Acting Attorney General Announces Data Breach Settlement with Fertility Clinic
On October 12, 2021, New Jersey Acting Attorney General Andrew J. Bruck and the Division of Consumer Affairs announced a settlement with Diamond Institute for Infertility and Menopause, LLC over a data breach that compromised the personal information of 14,663 patients, including 11,071 New Jersey residents. The Division of Consumer Affairs alleged that the fertility clinic violated the New Jersey Consumer Fraud Act and the federal HIPAA’s Privacy and Security Rules by removing protected health information safeguards.
California Governor Signs into Law Bills Updating the CPRA and Bills Addressing the Privacy and Security of Genetic and Medical Data, Among Others
During the week of October 4, 2021, California Governor Gavin Newsom signed into law bills amending the California Privacy Rights Act of 2020, California’s data breach notification law and California’s data security law. Additional bills, amending the California Confidentiality of Medical Information Act and the California Insurance Code, also were signed into law. The Governor also signed into law a bill protecting the privacy and security of genetic data processed by direct-to-consumer genetic testing companies, and a bill designed to prevent the sale, purchase and use of data obtained by illegal means.
Florida’s Protecting DNA Privacy Act Goes into Effect
On October 1, 2021, Florida’s Protecting DNA Privacy Act took effect. The Act, signed into law by Governor Ron DeSantis on June 29, restricts the collection, use, retention, maintenance, analysis and disclosure of any DNA sample or analysis derived from a person in Florida.
OCR Guidance Regarding HIPAA’s Applicability to COVID-19 Vaccination Information
On September 30, 2021, the U.S. Department of Health and Human Services’ Office for Civil Rights issued guidance regarding when the HIPAA Privacy Rule applies to disclosures and requests for information about a person’s COVID-19 vaccination status. The guidance addresses common workplace scenarios and answers questions about whether and how the HIPAA Privacy Rule applies.
FTC Issues Guidance Clarifying Scope of Its Health Breach Notification Rule for Health Apps and Connected Devices
On September 15, 2021, the Federal Trade Commission issued a Policy Statement to clarify the scope of the FTC’s Health Breach Notification Rule as it relates to health apps and connected devices.