On November 3, 2022, Pennsylvania Governor Tom Wolf signed Senate Bill 636 into law, amending Pennsylvania’s breach notification law.
Continue Reading Pennsylvania Amends Breach Notification Law
Health Privacy
NYDFS Fines EyeMed $4.5 Million for Cybersecurity Violations
On October 18, 2022, the New York State Department of Financial Services announced that EyeMed Vision Care LLC agreed to a $4.5 million settlement for violations of the Cybersecurity Regulation that contributed to the exposure of hundreds of thousands of consumers’ health data in connection with a cybersecurity event in 2020.
New California Laws Enhance Reproductive Health Privacy Protections
On September 27, 2022, California Governor Gavin Newsom signed into law a pair of bills designed to prevent medical information and other data held by California entities from being used in out-of-state abortion prosecutions.
OCR Announces $300,000 Settlement Related to Improper Disposal of Physical PHI
On August 23, 2022, the U.S. Department of Health & Human Services, Office for Civil Rights announced that it had settled a case involving the disposal of physical protected health information. …
FTC Commences Civil Action Against Data Broker for Selling Geolocation Data
On August 29, 2022, the Federal Trade Commission announced a civil action against digital marketing data broker Kochava Inc. for “selling geolocation data from hundreds of millions of mobile devices that can be used to trace movements of individuals to and from sensitive locations.”…
NIST Publishes New Draft Guidance on HIPAA Security Rule
On July 21, 2022, the National Institute of Standards and Technology released an updated draft of its HIPAA Security Rule guidance. …
NIH Confidentiality Certificates Add Layer of Privacy Protection Post-Dobbs
Following the ruling in Dobbs, the National Institutes of Health’s certificates of confidentiality offer an important layer of privacy protection to reproductive health research data. …
FTC Issues Business Alert on Illegal Use and Sharing of Location, Health and other Sensitive Data
On July 11, 2022, the Federal Trade Commission’s Bureau of Consumer Protection issued a business alert on businesses’ handling of sensitive data, with a particular focus on location and health data.
President Biden Issues Executive Order Protecting Privacy of Reproductive Health Data
On July 8, 2022, President Biden issued an Executive Order titled, “Protecting Access to Reproductive Health Care Services,” in response to the overturning of Roe v. Wade. …
HHS Issues Post-Dobbs Guidance to Protect Patient Privacy
On June 29, 2022, the U.S. Department of Health and Human Services issued two guidance documents to “help protect patients seeking reproductive health care, as well as their providers” following the Supreme Court’s decision in Dobbs vs. Jackson Women’s Health Organization. …