On October 31, 2023, the Department of Health and Human Services announced the issuance of a settlement agreement with Doctors’ Management Services, a Massachusetts-based medical management company, related to alleged violations of the Health Insurance Portability and Accountability Act’s Privacy and Security Rules.
Continue Reading HHS Announces First HIPAA Settlement Agreement Involving Ransomware Attack
Personal Health Information
NAI Issues Best Practices Guidance on Health-Related Digital Advertising
Posted on
Posted in Health Privacy, U.S. State Law
On November 8, 2023, the Network Advertising Initiative (“NAI”) issued its best practices guidance (“Guidance”), which advocates for the use of demographic data for health advertising, rather than sensitive health information.Continue Reading NAI Issues Best Practices Guidance on Health-Related Digital Advertising
ONC and HHS OCR Release Updated HIPAA Security Risk Assessment Tool
Posted on
Posted in Health Privacy, U.S. Federal Law
On September 13, 2023, the National Coordinator for Health Information Technology and the Office for Civil Rights at the U.S. Department of Health and Human Services released version 3.4 of the Security Risk Assessment Tool under the Health Insurance Portability and Accountability Act Security Rule.
Continue Reading ONC and HHS OCR Release Updated HIPAA Security Risk Assessment Tool
New Washington State Geofencing Ban Set to Take Effect in July
Posted on
Posted in Health Privacy, U.S. State Law
On April 27, 2023, Washington adopted the My Health My Data Act. Most of the law’s provisions are not effective until March 31, 2024 (or June 30, 2024 for small businesses). The law’s geofencing prohibition, however, is set to take effect on July 23, 2023.
Continue Reading New Washington State Geofencing Ban Set to Take Effect in July
Connecticut and Nevada Legislatures Pass Health Data Laws
Posted on
On June 2 and June 5, 2023, the Connecticut and Nevada state legislatures, respectively, voted in favor of sending legislation to their governors for signature that would impose restrictions, among others, on the processing of consumer health data, including geofencing provisions. Nevada S.B. 370 was signed by Nevada Governor Joe Lombardo on June 16, 2023. …
Continue Reading Connecticut and Nevada Legislatures Pass Health Data Laws
FTC Proposes Amendments to Health Breach Notification Rule
Posted on
n May 18, 2023, the Federal Trade Commission announced it is seeking comment to proposed changes to the Health Breach Notification Rule. …
Continue Reading FTC Proposes Amendments to Health Breach Notification Rule
New York State Passes Prohibition on Geofences Around Health Care Facilities
Posted on
Posted in Health Privacy, U.S. State Law
On May 3, 2023, New York Governor Kathy Hochul signed into law fiscal bill A.3007C/S.4007, which contains provisions prohibiting the establishment of a geofence around health care facilities.
Continue Reading New York State Passes Prohibition on Geofences Around Health Care Facilities
FTC Brings Enforcement Action Against Pregnancy App for Sharing Sensitive Data
Posted on
On May 17, 2023, the Federal Trade Commission issued a consumer alert regarding the Premom Ovulation Tracker app sharing of sensitive information with third parties without users’ permission.
Continue Reading FTC Brings Enforcement Action Against Pregnancy App for Sharing Sensitive Data
Washington Becomes the First State to Enact a Comprehensive Health Privacy Law
Posted on
Posted in Health Privacy, U.S. State Law
On April 17, 2023, the Washington State House concurred to the Washington State Senate’s amendments to Washington State House Bill 1155, the My Health My Data Act, clearing the bill’s way to Governor Jay Inslee for a final signature. …
Continue Reading Washington Becomes the First State to Enact a Comprehensive Health Privacy Law
HHS Issues NPRM to Strengthen Protections under HIPAA for Reproductive Privacy
Posted on
Posted in Health Privacy
On April 12, 2023, the U.S. Department of Health and Human Services issued a Notice of Proposed Rulemaking to modify protections under the Health Insurance Portability and Accountability Act of 1996 to strengthen reproductive health care privacy.
Continue Reading HHS Issues NPRM to Strengthen Protections under HIPAA for Reproductive Privacy