On September 13, 2023, the National Coordinator for Health Information Technology and the Office for Civil Rights at the U.S. Department of Health and Human Services released version 3.4 of the Security Risk Assessment Tool under the Health Insurance Portability and Accountability Act Security Rule.
Continue Reading ONC and HHS OCR Release Updated HIPAA Security Risk Assessment Tool
Personal Health Information
New Washington State Geofencing Ban Set to Take Effect in July
Posted on
Posted in Health Privacy, U.S. State Law
On April 27, 2023, Washington adopted the My Health My Data Act. Most of the law’s provisions are not effective until March 31, 2024 (or June 30, 2024 for small businesses). The law’s geofencing prohibition, however, is set to take effect on July 23, 2023.
Continue Reading New Washington State Geofencing Ban Set to Take Effect in July
Connecticut and Nevada Legislatures Pass Health Data Laws
Posted on
On June 2 and June 5, 2023, the Connecticut and Nevada state legislatures, respectively, voted in favor of sending legislation to their governors for signature that would impose restrictions, among others, on the processing of consumer health data, including geofencing provisions. Nevada S.B. 370 was signed by Nevada Governor Joe Lombardo on June 16, 2023. …
Continue Reading Connecticut and Nevada Legislatures Pass Health Data Laws
FTC Proposes Amendments to Health Breach Notification Rule
Posted on
n May 18, 2023, the Federal Trade Commission announced it is seeking comment to proposed changes to the Health Breach Notification Rule. …
Continue Reading FTC Proposes Amendments to Health Breach Notification Rule
New York State Passes Prohibition on Geofences Around Health Care Facilities
Posted on
Posted in Health Privacy, U.S. State Law
On May 3, 2023, New York Governor Kathy Hochul signed into law fiscal bill A.3007C/S.4007, which contains provisions prohibiting the establishment of a geofence around health care facilities.
Continue Reading New York State Passes Prohibition on Geofences Around Health Care Facilities
FTC Brings Enforcement Action Against Pregnancy App for Sharing Sensitive Data
Posted on
On May 17, 2023, the Federal Trade Commission issued a consumer alert regarding the Premom Ovulation Tracker app sharing of sensitive information with third parties without users’ permission.
Continue Reading FTC Brings Enforcement Action Against Pregnancy App for Sharing Sensitive Data
Washington Becomes the First State to Enact a Comprehensive Health Privacy Law
Posted on
Posted in Health Privacy, U.S. State Law
On April 17, 2023, the Washington State House concurred to the Washington State Senate’s amendments to Washington State House Bill 1155, the My Health My Data Act, clearing the bill’s way to Governor Jay Inslee for a final signature. …
Continue Reading Washington Becomes the First State to Enact a Comprehensive Health Privacy Law
HHS Issues NPRM to Strengthen Protections under HIPAA for Reproductive Privacy
Posted on
Posted in Health Privacy
On April 12, 2023, the U.S. Department of Health and Human Services issued a Notice of Proposed Rulemaking to modify protections under the Health Insurance Portability and Accountability Act of 1996 to strengthen reproductive health care privacy.
Continue Reading HHS Issues NPRM to Strengthen Protections under HIPAA for Reproductive Privacy
New York Attorney General Settles with Law Firm Over Data Breach
Posted on
On March 27, 2023, New York Attorney General Letitia James announced that a New York-based law firm had agreed to pay $200,000 in penalties and enhance its cybersecurity practices to settle charges stemming from a 2021 data breach. …
Continue Reading New York Attorney General Settles with Law Firm Over Data Breach
GoodRx to Pay $1.5 Million in First Ever FTC Health Breach Notification Rule Enforcement Action
Posted on
On February 1, 2023, the Federal Trade Commission announced that it entered into a proposed order with GoodRx, a telehealth and prescription drug discount provider, for violations of the FTC’s Health Breach Notification Rule stemming from GoodRx’s unauthorized disclosures of consumers’ personal health information to third party advertisers and other companies.
Continue Reading GoodRx to Pay $1.5 Million in First Ever FTC Health Breach Notification Rule Enforcement Action