Since the passage of the California Consumer Privacy Act (CCPA) in 2018, other U.S. states have followed suit by enacting comprehensive consumer data privacy laws in rapid succession. While these state consumer privacy laws...more
Share on Twitter Print Share by Email Share Back to top HIPAA regulated entities may now begin implementing the amendments to the HIPAA Privacy Rule to provide additional protections for reproductive health care information...more
Following the Vermont Senate’s failure to override Governor Phil Scott’s veto of the Vermont Data Privacy Act (VDPA), the much-discussed bill will not be enacted into law – at least in its current form. As passed by the...more
Pixels, cookies, and trackers continue to be front of mind for HIPAA regulated entities seeking clarity on their ability to advertise, market, and engage with existing and prospective patients. On March 18, 2024, the U.S....more
3/21/2024
/ Cybersecurity ,
Data Security ,
Department of Health and Human Services (HHS) ,
Health Information Technologies ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Innovative Technology ,
Privacy Laws ,
Tracking Systems ,
Web Tracking ,
Websites
In an important development for HIPAA-regulated entities looking for practical assistance in understanding, implementing, and enhancing compliance with the HIPAA Security Rule, the National Institute of Standards and...more
Editor’s Note: PYA and Foley & Lardner hosted the 6th Annual “Let’s Talk Compliance” two-day Virtual Conference on January 18 and 19, 2024. Panelists included Foley & Lardner attorneys and PYA experts. The event was hosted by...more
Substance Use Disorder (SUD) programs and HIPAA-regulated entities seeking to streamline their privacy and security practices and workflows received welcome news from the U.S. Department of Health & Human Services (HHS) last...more
2/13/2024
/ Applicability Date ,
Breach Notification Rule ,
CARES Act ,
Consent ,
Department of Health and Human Services (HHS) ,
Disclosure Requirements ,
Electronic Protected Health Information (ePHI) ,
Final Rules ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
Notice of Proposed Rulemaking (NOPR) ,
Patient Rights ,
Penalties ,
PHI ,
Substance Abuse
On January 16, 2024, New Jersey Governor Phil Murphy signed Senate Bill (SB) 332, establishing New Jersey’s consumer data privacy law, the New Jersey Data Privacy Act (NJDPA) which will be effective January 15, 2025. This...more
1/25/2024
/ California Privacy Rights Act (CPRA) ,
CDPA ,
Data Protection ,
Enforcement ,
FERPA ,
Fines ,
Gramm-Leach-Blilely Act ,
Health Insurance Portability and Accountability Act (HIPAA) ,
New Jersey ,
New Legislation ,
Opt-Outs ,
Personal Data ,
Popular ,
Privacy Laws ,
State Privacy Laws ,
Transparency
On November 14, 2023, the Wisconsin State Assembly passed Assembly Bill 466, otherwise known as the Wisconsin Data Privacy Act (WDPA). The bill passed on its third reading and was immediately ordered to the Wisconsin State...more
11/28/2023
/ Colleges ,
Consent ,
Data Processors ,
Data Protection ,
Enforcement ,
Gramm-Leach-Blilely Act ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Nonprofits ,
Notification Requirements ,
Opt-Outs ,
Personal Information ,
Right To Know ,
Sensitive Personal Information ,
State Data Privacy Laws ,
Universities ,
Wisconsin
Recognizing the evolving landscape of care delivery and growth of telehealth, the U.S. Department of Health and Human Services (HHS) published a resource guide aimed at assisting telehealth providers in explaining the privacy...more
On October 10, 2023, California Governor Gavin Newsom signed into law SB-362, a measure amending existing California laws regulating data brokers and granting California residents the right to delete all personal information...more
While most state data breach notification statutes contain similar components, there are important differences, meaning a one-size-fits-all approach to notification will not suffice. What’s more, as data breaches continue to...more
While most state data breach notification statutes contain similar components, there are important differences, meaning a one-size-fits-all approach to notification will not suffice. What’s more, as data breaches continue to...more
Florida health care providers and digital health technology platforms should be on alert that a newly passed law requires providers using certified electronic health record technology (CEHRT) to ensure that all patient...more
Medicare telehealth post-Public Health Emergency (PHE): With the COVID-19 PHE concluding on May 11, 2023, many of the telehealth flexibilities the Centers for Medicare & Medicaid Services (CMS) implemented during the PHE will...more
3/30/2023
/ Centers for Medicare & Medicaid Services (CMS) ,
Controlled Substances ,
DEA ,
Department of Health and Human Services (HHS) ,
Digital Health ,
Federal Trade Commission (FTC) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Medicare Administrative Contractors (MAC) ,
Opioid ,
PHI ,
Public Health Emergency ,
Substance Abuse ,
Telemedicine
While most state data breach notification statutes contain similar components, there are important differences, meaning a one-size-fits-all approach to notification will not suffice. What’s more, as data breaches continue to...more
Session #1: State of the Healthcare Industry Effective Compliance Plans and Enforcement Trends -
In their discussion of compliance program effectiveness and enforcement, attorneys Kolarik and Waltz and Ms. Sumner...more
2/23/2023
/ Centers for Medicare & Medicaid Services (CMS) ,
Compliance ,
Consolidated Appropriations Act (CAA) ,
Coronavirus/COVID-19 ,
Department of Health and Human Services (HHS) ,
Department of Justice (DOJ) ,
Dispute Resolution ,
Enforcement ,
Health Care Providers ,
Healthcare ,
Medicaid ,
Medicare ,
Mental Health ,
No Surprises Act (NSA) ,
Physician Fee Schedule ,
Public Health Emergency ,
Risk Assessment
Proposed changes to the federal substance use disorder law will increase provider efficiency and alignment with the Health Insurance Portability and Accountability Act (HIPAA). In a move that seeks to decrease administrative...more
While most state data breach notification statutes contain similar components, there are important differences, meaning a one-size-fits-all approach to notification will not suffice. What’s more, as data breaches continue to...more
The National Institute of Standards and Technology (NIST) has released an initial draft of Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule: A Cybersecurity Resource Guide (Resource...more
Preparation for operations after the end of the Public Health Emergency (PHE) have commenced. HHS released guidance on using remote communication technologies for audio-only telehealth services in compliance with HIPAA. In...more
The California Privacy Protection Agency (CPPA) quietly issued the first draft of the California Consumer Privacy Act (CPRA) regulations and an Initial Statement of Reasons by attaching them to the June 8 board meeting...more
Preparation for operations after the end of the Public Health Emergency (PHE) have commenced. HHS released guidance on using remote communication technologies for audio-only telehealth services in compliance with HIPAA. In...more
On April 4, 2022, the U.S. Department of Health and Human Services (HHS) released a Request for Information (RFI) seeking input from HIPAA-covered entities and business associates on how the industry understands and is...more
While most state data breach notification statutes contain similar components, there are important differences, meaning a one-size-fits-all approach to notification will not suffice. What’s more, as data breaches continue to...more