On May 17, 2024, Colorado Governor Jared Polis signed Colorado’s historic artificial intelligence (AI) consumer protection bill, SB 24-205, colloquially known as “Colorado’s AI Act” (“CAIA”), into law....more
As we noted in our previous blog here, on January 6, 2025, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) published a Notice of Proposed Rulemaking (NPRM) proposing substantial revisions...more
The HIPAA Security Rule was originally promulgated over 20 years ago.
While it historically provided an important regulatory floor for securing electronic protected health information, the Security Rule’s lack of...more
1/31/2025
/ Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Electronic Protected Health Information (ePHI) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HIPAA Security Rule ,
NIST ,
Patient Privacy Rights ,
PHI ,
Proposed Rules ,
Risk Management
As Cyberattacks targeting the health care sector have continued to intensify over the past year, including ransomware attacks that have resulted in major data breaches impacting health care organizations, the protection of...more
1/16/2025
/ Compliance ,
Covered Entities ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
OCR ,
OIG ,
Regulatory Requirements ,
Risk Management
On May 17, 2024, Colorado Governor Jared Polis signed into law SB 24-205—concerning consumer protections in interactions with artificial intelligence systems—after the Senate passed the bill on May 3. The law adds a new part...more
5/20/2024
/ Algorithms ,
Artificial Intelligence ,
Automation Systems ,
Colorado ,
Innovative Technology ,
Machine Learning ,
Non-Discrimination Rules ,
Pending Legislation ,
Popular ,
Regulatory Agenda ,
Regulatory Reform ,
Risk Management
We’ve all heard troubling stories involving emerging tools powered by artificial intelligence (AI), in which algorithms yield unintended, biased, or erroneous results. Here are a few examples:
- A monitoring tool for...more
6/8/2023
/ Algorithms ,
Artificial Intelligence ,
Bias ,
Consumer Product Companies ,
Employer Liability Issues ,
Facial Recognition Technology ,
Health Care Providers ,
Life Sciences ,
Privacy Laws ,
Race Discrimination ,
Risk Management ,
Webinars
Artificial intelligence (AI) and machine-learning algorithms are powerful tools that can automate or inform decision-making. At the same time, those algorithms can be quite complex and appear to be a “black box”—inscrutable...more
Ransomware Particularly Inflicts Health Care and Life Sciences Organizations -
Ransomware is a malicious cyber threat vector that employs encryption malware to prevent users from accessing their systems and data unless...more
6/3/2021
/ Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Security ,
Department of Health and Human Services (HHS) ,
Electronic Medical Records ,
FBI ,
Hackers ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Information Technology ,
Malware ,
Medical Records ,
Personally Identifiable Information ,
Popular ,
Ransomware ,
Risk Management
After a Congressional override of a Presidential veto, the National Defense Authorization Act became law on January 1, 2021 (NDAA). Notably, the NDAA not only provides appropriations for military and defense purposes but,...more
In a recent blog post, colleagues in our Employment, Labor & Workforce Management practice addressed the legal framework pertaining to coronavirus (COVID-19) risks in the workplace. As the number of cases continues to the...more
3/4/2020
/ Best Practices ,
Coronavirus/COVID-19 ,
Department of Health and Human Services (HHS) ,
Emergency Management Plans ,
Employee Privacy Rights ,
Employer Liability Issues ,
Health and Safety ,
Infectious Diseases ,
OCR ,
PHI ,
Policies and Procedures ,
Public Health ,
Risk Management ,
Workplace Safety
As discussed in an earlier blog post, the New York state Stop Hacks and Improve Electronic Data Security Act (or “SHIELD Act”), was signed into law on July 25, 2019....more
3/2/2020
/ Cybersecurity ,
Data Breach ,
Data Management ,
Data Protection ,
Data Security ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Personally Identifiable Information ,
Reporting Requirements ,
Risk Management ,
Security Standards ,
SHIELD Act ,
State and Local Government ,
State Data Breach Notification Statutes
January 28th marks Data Privacy Day which commemorates the signing of the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data. This international treaty is the first of its kind...more
1/28/2020
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Information Governance ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
Risk Management ,
Rulemaking Process ,
SHIELD Act ,
State and Local Government
In this Thought Leaders in Health Law® video, attorneys Neil Di Spirito, Alaap Shah, Jessika Tuazon, and Patricia Wagner from Epstein Becker Green look at the Food and Drug Administration’s (FDA’s) guidance on the...more