On January 13, 2025, California Attorney General (AG) Rob Bonta issued two legal advisories: one for businesses generally (General Advisory) and one specific to healthcare entities (Health Advisory). These advisories identify...more
2/6/2025
/ Artificial Intelligence ,
California ,
Civil Rights Act ,
Compliance ,
Consumer Protection Laws ,
Data Privacy ,
Data Protection ,
Health Care Providers ,
Healthcare ,
Privacy Laws ,
State Attorneys General ,
Technology Sector ,
Unfair Competition
§ 160.101 Statutory basis and purpose.
The requirements of this subchapter implement sections 1171–1180 of the Social Security Act (the Act), sections 262 and 264 of Public Law 104–191, section 105 of Public Law 110–233,...more
Data governance is a mission-critical issue for every company and institution in the United States.
GCs face a host of pressing cybersecurity concerns. Triaging them requires time, attention, and a well-rounded strategy...more
8/18/2023
/ Cookies ,
Corporate Governance ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Disclosure Requirements ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Healthcare ,
Legislative Agendas ,
Mobile Apps ,
New Legislation ,
New Rules ,
OCR ,
Personal Information ,
Regulatory Agenda ,
Risk Factors ,
Risk Management ,
State Privacy Laws ,
Technology Sector ,
Tracking Systems
On October 10, 2019, the California Attorney General released proposed regulations to implement the California Consumer Privacy Act (CCPA), including substantial new requirements not included in the CCPA. Here we offer a...more
10/15/2019
/ California Consumer Privacy Act (CCPA) ,
Compliance ,
Consumer Privacy Rights ,
Data Collection ,
Data Privacy ,
Data Protection ,
Notice Requirements ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
Regulatory Requirements ,
State Attorneys General
There are myriad opportunities for hospitals and health systems (HHSs) to engage in data-focused collaborations with other stakeholders in the healthcare industry. These collaborations include, to an increasing extent,...more
10/4/2019
/ Data Breach ,
Data Collection ,
Data Protection ,
Department of Health and Human Services (HHS) ,
Digital Health ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Investors ,
Joint Venture ,
Patient Privacy Rights ,
Personally Identifiable Information ,
Private Equity ,
Risk Assessment
The ONC finally released its long-awaited proposed rule to implement the “information blocking” prohibition of the 21st Century Cures Act by identifying conduct that is not information blocking. If finalized, ONC’s proposed...more
2/15/2019
/ 21st Century Cures Act ,
Centers for Medicare & Medicaid Services (CMS) ,
Data Privacy ,
Data Protection ,
Data-Sharing ,
Department of Health and Human Services (HHS) ,
Electronic Medical Records ,
Electronic Protected Health Information (ePHI) ,
Exceptions ,
Health Care Providers ,
Health Information Technologies ,
Hospitals ,
ONC ,
Patient Privacy Rights ,
Policies and Procedures ,
Proposed Rules ,
Public Comment ,
Regulatory Agenda ,
Regulatory Requirements
On December 2, 2014, the Office for Civil Rights (OCR) and Anchorage Community Mental Health Services, Inc., (ACMHS) entered into a Resolution Agreement and Corrective Action Plan (CAP) to settle alleged violations of the...more
In 2014, regulators around the globe issued guidelines, legislation and penalties in an effort to enhance security and control within the ever-shifting field of privacy and data protection. The Federal Trade Commission...more
12/11/2014
/ Africa ,
Anti-Spam Legislation ,
Canada ,
China ,
Cybersecurity ,
Data Protection ,
EU ,
EU Data Protection Laws ,
Federal Trade Commission (FTC) ,
Latin America ,
Legislative Agendas
In Boston, we celebrated Data Privacy Day (January 28) by presenting “U.S. Privacy and Data Protection: 2013 Year In Review and a Prediction of What’s to Come in 2014” for participants in an IAPP KnowledgeNet. Our panel of...more
1/29/2014
/ Affordable Care Act ,
Compliance ,
Cybersecurity ,
Data Breach ,
Data Protection ,
EHR ,
Enforcement ,
Enforcement Actions ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Neiman Marcus ,
Personally Identifiable Information ,
PHI ,
Privacy Laws ,
Safe Harbors ,
Target
The compliance date for the omnibus final rule amending the privacy, security, breach notification and enforcement regulations under the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information...more
7/25/2013
/ Breach Notification Rule ,
Compliance ,
Data Breach ,
Data Protection ,
Deadlines ,
Enforcement ,
Final Rules ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HIPAA Omnibus Rule ,
Privacy Policy
On January 25, 2013, the Office for Civil Rights (OCR) of the U.S. Department of Health and Human Services (HHS) published a final rule (Final Rule) containing modifications to the privacy standards (Privacy Rule), security...more
2/21/2013
/ Business Associates ,
Covered Entities ,
Data Breach ,
Data Protection ,
Department of Health and Human Services (HHS) ,
Enforcement ,
GINA ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HITECH Act ,
Notice Requirements ,
OCR ,
PHI ,
Privacy Rule