2024 was a pivotal year in the regulation of data practices, with increased scrutiny of artificial intelligence (AI), data brokers, and the ecosystem of commercial data, and the continued proliferation of comprehensive United...more
2/13/2025
/ Artificial Intelligence ,
Consumer Privacy Rights ,
Corporate Counsel ,
Cybersecurity ,
Data Brokers ,
Data Privacy ,
Data Protection ,
Federal Trade Commission (FTC) ,
Machine Learning ,
Privacy Laws ,
Regulatory Agenda ,
State Privacy Laws
On January 6, the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) published significant proposed amendments (proposed rule) to the Security Rule under the Health Insurance Portability and...more
1/7/2025
/ Covered Entities ,
Data Privacy ,
Data Security ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Healthcare Reform ,
HIPAA Security Rule ,
OCR ,
Patient Privacy Rights ,
PHI ,
Proposed Rules ,
Regulatory Agenda ,
Rulemaking Process
Join Troutman Pepper Partner Brett Mason for a podcast series analyzing the intersection of artificial intelligence (AI), health care, and the law.
In this installment, Brett is joined by Partner Brent Hoard and Andrea...more
On September 4, Texas Attorney General (AG) Ken Paxton filed a lawsuit against the Department of Health and Human Services (HHS) Office for Civil Rights (OCR), challenging two key Health Insurance Portability and...more
9/13/2024
/ Data Privacy ,
Department of Health and Human Services (HHS) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HIPAA Privacy Rule ,
OCR ,
PHI ,
State and Local Government ,
State Attorneys General ,
State Privacy Laws ,
Statutory Authority ,
Texas
Join Troutman Pepper Partner Brett Mason for a podcast series analyzing the intersection of artificial intelligence (AI), health care, and the law.
In this installment, Brett Mason is joined by Partner Brent Hoard and...more
In the rapidly evolving landscape of health care, the surge in telehealth has been nothing short of revolutionary. This digital transformation, while offering unprecedented access to health care services, also introduces a...more
6/10/2024
/ Anti-Kickback Statute ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Due Diligence ,
Electronic Protected Health Information (ePHI) ,
Federal Trade Commission (FTC) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Popular ,
Telehealth
Historically, many private equity firms have let their portfolio companies independently manage cybersecurity. Given the increase in data and cyber risks, sophistication of threat actors, and impact and cost of breaches,...more
On March 18, the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) issued an updated bulletin to "increase clarity for regulated entities and the public" with respect to the use of online tracking...more
On February 8, 2024, the Department of Health and Human Services (HHS) posted a final rule that aims to align 42 CFR Part 2 (Part 2) — which protects certain substance abuse disorder (SUD) records — with the Health Insurance...more
2/22/2024
/ CARES Act ,
Consent ,
Data Privacy ,
Data Protection ,
Department of Health and Human Services (HHS) ,
Electronic Medical Records ,
Final Rules ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HITECH Act ,
Personally Identifiable Information ,
PHI ,
Substance Abuse
On January 1, California's Assembly Bill No. 352 (AB 352) went into effect, introducing significant changes to the handling and sharing of sensitive health information — particularly information related to reproductive health...more
1/23/2024
/ California ,
CMIA ,
Consumer Privacy Rights ,
Data Management ,
Data Privacy ,
Data Protection ,
Electronic Medical Records ,
Health Care Providers ,
Healthcare ,
Information Governance ,
New Legislation ,
Personally Identifiable Information ,
PHI ,
Regulatory Reform ,
Regulatory Requirements ,
Reproductive Healthcare Issues
Background -
On July 1, an amendment to the Florida Electronic Health Records Exchange Act (the Act) will go into effect. The Act focuses on information safety and sets forth stringent requirements that prohibit health...more
Online Tracking Technologies and HIPAA. In December 2022, the Department of Health and Human Services Office for Civil Rights (OCR) published a bulletin on the use of online tracking technologies (e.g., cookies or web...more
On April 27, the state of Washington enacted the My Health My Data Act (MHMDA), a comprehensive health privacy law that imposes broad restrictions on how “consumer health data” can be used by companies doing business in the...more
Recently, the Iowa Legislature sent a bill to Iowa Governor Kim Reynolds for her signature that would make Iowa the sixth state to enact a comprehensive privacy law. The Iowa Senate unanimously passed Senate File 262 (SF 262)...more
Don't Hyperventilate. There are new United Kingdom (UK), European Union (EU), U.S., and global regulatory requirements that just went into effect or will be effective before or soon after year-end that will impact contracts...more
Exemption Extensions Failed. On August 31, California's legislature ended its 2022 session without adopting legislation to extend the California Consumer Privacy Act (CCPA) employee and business-to-business (B2B) personal...more
With the notice and cure set to expire on January 1, 2023, California Attorney General Rob Bonta (CA AG) provided a glimpse at what to expect with its first settlement of alleged violations of the California Consumer Privacy...more
9/1/2022
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Corporate Counsel ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Personal Information ,
Privacy Laws ,
Sephora ,
Statutory Violations
Background on the PIPL Security Assessment. On July 7, China’s top regulator, the Cyberspace Administration of China (CAC), released the final version of the Measures for Security Assessment of Data Exports (Security...more
The California Privacy Rights Act (CPRA) established the California Privacy Protection Agency (CPPA), and requires the CPPA to adopt, amend, and rescind regulations on 22 topics — including, among other things, definitions,...more