On March 27, 2023, New York Attorney General Letitia James announced that a New York-based law firm had agreed to pay $200,000 in penalties and enhance its cybersecurity practices to settle charges stemming from a 2021 data breach.
Continue Reading New York Attorney General Settles with Law Firm Over Data Breach
Personal Health Information
GoodRx to Pay $1.5 Million in First Ever FTC Health Breach Notification Rule Enforcement Action
On February 1, 2023, the Federal Trade Commission announced that it entered into a proposed order with GoodRx, a telehealth and prescription drug discount provider, for violations of the FTC’s Health Breach Notification Rule stemming from GoodRx’s unauthorized disclosures of consumers’ personal health information to third party advertisers and other companies.
Continue Reading GoodRx to Pay $1.5 Million in First Ever FTC Health Breach Notification Rule Enforcement Action
HHS Releases Bulletin on Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates
On December 1, 2022, the Office for Civil Rights at the U.S. Department of Health and Human Services released a Bulletin on the obligations of HIPAA covered entities and business associates under the HIPAA Privacy, Security, and Breach Notification Rules when using online tracking technologies. …
Continue Reading HHS Releases Bulletin on Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates
Pennsylvania Amends Breach Notification Law
On November 3, 2022, Pennsylvania Governor Tom Wolf singed Senate Bill 636 into law, amending Pennsylvania’s breach notification law.
Continue Reading Pennsylvania Amends Breach Notification Law
NYDFS Fines EyeMed $4.5 Million for Cybersecurity Violations
On October 18, 2022, the New York State Department of Financial Services announced that EyeMed Vision Care LLC agreed to a $4.5 million settlement for violations of the Cybersecurity Regulation that contributed to the exposure of hundreds of thousands of consumers’ health data in connection with a cybersecurity event in 2020.
Continue Reading NYDFS Fines EyeMed $4.5 Million for Cybersecurity Violations
New California Laws Enhance Reproductive Health Privacy Protections
On September 27, 2022, California Governor Gavin Newsom signed into law a pair of bills designed to prevent medical information and other data held by California entities from being used in out-of-state abortion prosecutions.
Continue Reading New California Laws Enhance Reproductive Health Privacy Protections
OCR Announces $300,000 Settlement Related to Improper Disposal of Physical PHI
On August 23, 2022, the U.S. Department of Health & Human Services, Office for Civil Rights announced that it had settled a case involving the disposal of physical protected health information. …
Continue Reading OCR Announces $300,000 Settlement Related to Improper Disposal of Physical PHI
NIST Publishes New Draft Guidance on HIPAA Security Rule
On July 21, 2022, the National Institute of Standards and Technology released an updated draft of its HIPAA Security Rule guidance. …
Continue Reading NIST Publishes New Draft Guidance on HIPAA Security Rule
President Biden Issues Executive Order Protecting Privacy of Reproductive Health Data
On July 8, 2022, President Biden issued an Executive Order titled, “Protecting Access to Reproductive Health Care Services,” in response to the overturning of Roe v. Wade. …
Continue Reading President Biden Issues Executive Order Protecting Privacy of Reproductive Health Data
California Attorney General Reminds Health App Providers of Obligations to Protect Reproductive Health Information
On May 26, 2022, California Attorney General Rob Bonta issued a press release reminding health app providers that California’s Confidentiality of Medical Information Act applies to mobile apps that are designed to store medical information, which includes health apps such as fertility trackers. …
Continue Reading California Attorney General Reminds Health App Providers of Obligations to Protect Reproductive Health Information