On April 22, 2025, the Federal Trade Commission ("FTC") published in the Federal Register its first major update to the Children's Online Privacy Protection Act Rule (the "COPPA Rule" or "Rule") since 2013. The COPPA Rule,...more
In a major change to a law that produced extraordinarily high damages claims and settlements, the Illinois General Assembly amended the Biometric Information Privacy Act (BIPA) to substantially reduce potential liability for...more
The U.S. District Court for the Northern District of Texas ruled that HHS's December 1, 2022, guidance applying HIPAA to online tracking technologies is unlawful with respect to its treatment of certain combinations of...more
On May 10, 2024, Maryland Governor Wes Moore signed the Maryland Online Data Privacy Act of 2024 ("MODPA" or the "Act"), bringing the number of comprehensive state privacy laws to 18and establishing a new, more restrictive...more
5/16/2024
/ Consumer Privacy Rights ,
Data Privacy ,
Data Protection ,
Enforcement ,
Minor Children ,
Opt-Outs ,
Personal Data ,
PHI ,
Sensitive Personal Information ,
State Privacy Laws ,
Sunset Provisions
The FTC issued a final rule to lock in changes to the Health Breach Notification Rule (HBNR) that it proposed in May 2023. While the HBNR began as a breach notification rule seemingly focused on a narrow set of applications...more
The U.S. Department of Health and Human Services (HHS) this week released final amendments to the HIPAA Privacy Rule to further protect the privacy of protected health information (PHI) related to reproductive health care....more
4/29/2024
/ Attestation Requirements ,
Department of Health and Human Services (HHS) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Privacy Rule ,
HITECH Act ,
New Amendments ,
Patients ,
PHI ,
Policies and Procedures ,
Reproductive Healthcare Issues
The long-anticipated final rule addressing substance use disorder (SUD) records at 42 C.F.R. Part 2, commonly referred to as Part 2, is here. The final rule is a joint undertaking by the U.S. Department of Health and Human...more
2/21/2024
/ Breach Notification Rule ,
CARES Act ,
Civil Monetary Penalty ,
Confidentiality Policies ,
Consent Agreements ,
Department of Health and Human Services (HHS) ,
Disclosure Requirements ,
Enforcement ,
Final Rules ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Notice of Proposed Rulemaking (NOPR) ,
OCR ,
Penalties ,
PHI ,
Risk Assessment ,
SAMHSA ,
Substance Abuse
February 29, 2024, is the date by which HIPAA-covered entities must notify the U.S. Department of Health and Human Services Office for Civil Rights (OCR) of all "small" breaches of unsecured protected health information that...more
The U.S. Department of Health and Human Services ("HHS") issued a concept paper describing its overarching strategy to address healthcare cybersecurity. The concept paper builds on the Biden-Harris Administration's National...more
12/18/2023
/ Cybersecurity ,
Department of Health and Human Services (HHS) ,
Enforcement ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HITECH Act ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
Medicare ,
OCR ,
Popular
The U.S. Department of Health and Human Services (HHS) Office of Inspector General (OIG) announced its final rule (the Enforcement Rule) implementing the information blocking penalties created by the 21st Century Cures Act...more
7/28/2023
/ Centers for Medicare & Medicaid Services (CMS) ,
Department of Health and Human Services (HHS) ,
Department of Justice (DOJ) ,
Enforcement ,
Federal Trade Commission (FTC) ,
Final Rules ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Health Technology ,
Information Blocking Rules ,
Information Technology ,
OCR ,
OIG ,
ONC
On May 18, 2023, the Federal Trade Commission (FTC) issued a policy statement warning that the proliferation of technologies that use or claim to use biometric information may bring risks with regard to consumer privacy and...more
6/2/2023
/ Biometric Information ,
Data Collection ,
Data Security ,
Deep Fake ,
Facial Recognition Technology ,
Federal Trade Commission (FTC) ,
Fingerprints ,
FTC Act ,
Innovative Technology ,
Section 5 ,
Unfair or Deceptive Trade Practices
The FTC released a Notice of Proposed Rulemaking (NPRM) to introduce changes to the Health Breach Notification Rule (HBNR). While the HBNR began as a breach notification rule seemingly focused on a narrow set of applications...more
5/26/2023
/ Breach Notification Rule ,
Data Security ,
Federal Trade Commission (FTC) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Mobile Apps ,
Notice of Proposed Rulemaking (NOPR) ,
Privacy Laws ,
Proposed Amendments ,
Third-Party Service Provider ,
Wellness Programs