This year, the federal government has made significant changes to longstanding health care privacy rules, while state lawmakers continue to enact privacy restrictions on consumer health data. These reforms modify legal...more
6/26/2024
/ Breach Notification Rule ,
Code of Federal Regulations (CFR) ,
Consumer Privacy Rights ,
Continuing Legal Education ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Enforcement Priorities ,
Federal Trade Commission (FTC) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Health Technology ,
Medical Records ,
Patient Privacy Rights ,
PHI ,
Popular ,
Privacy Laws ,
Reproductive Healthcare Issues ,
Substance Abuse ,
Web Tracking ,
Webinars
On May 15, 2024, the U.S. Securities and Exchange Commission (the “SEC”) adopted amendments to Regulation S-P (the “Data Privacy Amendments”), which were published in the Federal Register on June 3, 2024, starting the clock...more
On May 17, Colorado Governor Jared Polis signed into law Colorado Senate Bill 2-205 (SB 205), also known as the Colorado Artificial Intelligence Act—making Colorado the second state to enact comprehensive legislation on...more
Earlier this week, the House Committee on Energy and Commerce Chair Cathy McMorris Rodgers (R-WA) and Senate Committee on Commerce, Science and Transportation Chair Maria Cantwell (D-WA) released a discussion draft of the...more
4/12/2024
/ Artificial Intelligence ,
Consumer Privacy Rights ,
Data Collection ,
Data Privacy ,
Data Security ,
Federal Trade Commission (FTC) ,
Legislative Agendas ,
Personally Identifiable Information ,
Private Right of Action ,
Proposed Legislation ,
Sensitive Personal Information
On March 18, 2024, the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) updated its December 2022 guidance for HIPAA-regulated entities regarding the use of online tracking technologies...more
3/25/2024
/ Cybersecurity ,
Data Protection ,
Data Security ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Guidance Update ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Information Technology ,
Mobile App Privacy Guidelines ,
OCR ,
PHI ,
Web Tracking
Last week, Utah governor Spencer Cox signed into law Utah Senate Bill 149 (SB 149), also known the Artificial Intelligence Policy Act (the AI Policy Act). This is the first comprehensive state law on AI in the U.S., creating...more
On December 20, the Federal Trade Commission (FTC) proposed its first significant updates to the Children’s Online Privacy Protection Act (COPPA) in a decade. If adopted, the FTC’s Notice of Proposed Rulemaking (the Proposed...more
This week, the California Privacy Protection Agency (CPPA) released preliminary draft regulations on automated decisionmaking technology ( or “ADMT”) that would require disclosures and associated opt-out and access rights...more
12/1/2023
/ Artificial Intelligence ,
Automated Systems ,
California ,
California Privacy Protection Agency (CPPA) ,
Corporate Counsel ,
Data Management ,
Machine Learning ,
Opt-Outs ,
Proposed Regulation ,
Regulatory Agenda ,
Risk Assessment
On October 10, Governor Newsom signed SB 362, a law requiring any business that meets the definition of “data broker” to provide detailed disclosures about its practices, register with the state and delete any personal...more
10/13/2023
/ California ,
California Consumer Privacy Act (CCPA) ,
Consumer Information ,
Consumer Privacy Rights ,
Data Brokers ,
Data Collection ,
Data Security ,
Data Sellers ,
Data-Sharing ,
New Legislation ,
Personal Data ,
Personal Information ,
Popular ,
Privacy Policy ,
State Data Privacy Laws
Connecticut is the latest state to establish wide-ranging privacy protections for consumer health data and the first to weave such protections into a preexisting comprehensive consumer privacy law. The new law, S.B. 3, amends...more
10/6/2023
/ Connecticut ,
Data Privacy ,
Data Security ,
Electronic Medical Records ,
Electronic Protected Health Information (ePHI) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
New Legislation ,
Patient Privacy Rights ,
PHI ,
Regulatory Reform
On July 20, 2023, the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) and the Federal Trade Commission (FTC) sent a joint letter to approximately 130 hospital systems and telehealth...more
7/24/2023
/ CIPA ,
CMIA ,
Cybersecurity ,
Data Privacy ,
Data Security ,
Department of Health and Human Services (HHS) ,
Federal Trade Commission (FTC) ,
FTC Act ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare Facilities ,
Mobile Apps ,
OCR ,
PHI ,
Technology ,
Tracking Systems ,
Web Tracking
A first-of-its-kind Florida law requires health care providers to keep certain patient data within the United States, its territories or Canada....more
The Federal Trade Commission (FTC) continues to expand its regulation of health care data to ensure the data remains protected when shared with consumer-facing applications....more
6/16/2023
/ Breach Notification Rule ,
Comment Period ,
Data Breach ,
Data Collection ,
Data Protection ,
Digital Health ,
Electronic Medical Records ,
Federal Trade Commission (FTC) ,
Notice of Proposed Rulemaking (NOPR) ,
PHI ,
Proposed Amendments ,
Proposed Rules ,
Regulatory Agenda ,
Regulatory Reform
As the scramble continues to reckon with the rapid advancement of generative artificial intelligence models like ChatGPT, Bard, DALL-E, and MidJourney, and the promise of other AI and machine learning systems (for simplicity,...more
6/5/2023
/ Algorithms ,
Artificial Intelligence ,
California Consumer Privacy Act (CCPA) ,
California Privacy Protection Agency (CPPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Protection ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Machine Learning ,
Popular ,
State and Local Government
Washington state legislators have approved a far-reaching data protection bill that could change how businesses collect, use, and disclose consumer health data, including information that is only inferentially related to...more
The Federal Trade Commission (FTC) announced yesterday that it has brought its first-ever enforcement action under its Health Breach Notification Rule, against digital health platform GoodRx Holdings, Inc. This follows the...more
An increasing amount of consumer health data today is collected through wearables, apps, websites and online services that fall outside of the health care system. The vast majority of this information is not protected by the...more
1/25/2023
/ Continuing Legal Education ,
Data Collection ,
Data Privacy ,
Data Protection ,
Electronic Protected Health Information (ePHI) ,
Federal Trade Commission (FTC) ,
Health Care Providers ,
Patient Privacy Rights ,
PHI ,
Privacy Laws ,
Webinars
On September 27, 2022, California Governor Gavin Newsom signed two bills (summarized below) that collectively aim to strengthen privacy safeguards for individuals seeking abortion services. After the U.S. Supreme Court’s...more
Right now, beginning on January 1, 2023, the California Consumer Privacy Act (the CCPA), as amended by the passage of the California Privacy Rights Act in the November 2020 election, will apply to personal information...more
Join an interdisciplinary panel of Manatt professionals for the third of a three-part webinar series on the metaverse and the dawn of the Web3 era.
While Parts One and Two of our series focused on the blockchain basics and...more
On June 8, 2021, the Colorado Senate passed SB21-190, the Colorado Privacy Act (CPA), as amended by the Colorado House of Representatives. Governor Jared Polis signed the bill into law on July 8. Passage of the CPA makes...more
On June 8, 2021, the Colorado Senate passed SB21-190, the Colorado Privacy Act (CPA), as amended by the Colorado House of Representatives. Governor Jared Polis has 30 days to sign it into law, which he is expected to do....more
There is widespread agreement that vaccinations provide our greatest chance of defeating COVID-19. Numerous myths about the vaccine, however, could raise unfounded fears and hamper rollout efforts. Employers face additional...more
On March 2, Virginia Governor Ralph Northam signed the Consumer Data Protection Act (CDPA), making Virginia the latest state to enact a cross-industry privacy rights law. The CDPA displays a blend of concepts from two leading...more
3/5/2021
/ Consumer Privacy Rights ,
Data Collection ,
Data Controller ,
Data Management ,
Data Privacy ,
Information Governance ,
Opt-Outs ,
Personal Data ,
Personally Identifiable Information ,
State Privacy Laws ,
Virginia
On November 3, 2020, Californians voted to approve Proposition 24, a ballot measure that creates the California Privacy Rights Act (CPRA). The CPRA amends and expands the California Consumer Privacy Act (CCPA)—California’s...more
11/18/2020
/ Ballot Measures ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Opt-Outs ,
Personal Information ,
Sensitive Personal Information