What do ransomware, Yelp, and website tracking technologies all have in common? They are troubling areas of concern for HIPAA covered entities and business associates, according to one official from the federal Office for...more
The healthcare sector is a prime target for data breaches. According to a summary by the HIPAA Journal, 32% of all data breaches between 2015 and 2022 were in the healthcare sector, “almost double the number recorded in the...more
The Equal Employment Opportunity Commission (EEOC) has ramped-up enforcement and guidance in recent months over employers’ use of artificial intelligence (AI).
On May 18, 2023, as part of its Artificial Intelligence and...more
8/14/2023
/ Age Discrimination ,
Algorithms ,
Artificial Intelligence ,
Automation Systems ,
Civil Rights Act ,
Corporate Counsel ,
Employment Discrimination ,
Equal Employment Opportunity Commission (EEOC) ,
Hiring & Firing ,
Screening Procedures ,
Title VII
The Cyber Safety Review Board (Board) issued a report entitled, Review of the Attacks Associates with Lapsus$ and Related Threat Groups (Report), released by the Department of Homeland Security on August 10, 2023. The Report...more
In a 2019 post about increasing cyber risks in K-12 schools, we cited a report, “The State of K-12 Cybersecurity: 2018 Year in Review,” that contained sobering information about cybersecurity in local school districts across...more
Recently, things may have sped up a little in your doctor’s office. The notes for your recent visit may have been organized and filed a little more quickly. You might have received assistance sooner than expected with a...more
On July 18, 2023, Oregon’s Governor signed Senate Bill 619 which enacts Oregon’s comprehensive consumer data privacy statute. Oregon joins California, Colorado, Connecticut, Indiana, Iowa, Montana, Tennessee, Texas, Utah, and...more
The Department of Health and Human Services and the Federal Trade Commission have sent a joint letter to approximately 130 hospital systems and telehealth providers to emphasize the risks and concerns about the use of...more
7/21/2023
/ Data Privacy ,
Department of Health and Human Services (HHS) ,
Facebook ,
Federal Trade Commission (FTC) ,
Google ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Hospitals ,
OCR ,
PHI ,
Technology ,
Telehealth ,
Web Tracking
On June 7, 2023, Connecticut’s Governor signed Senate Bill (SB) 1103, which enacted regulations regarding artificial intelligence, automated decision-making, and personal data privacy. The law sets several requirements for...more
On June 26, 2023, the Governor of Connecticut signed Senate Bill (SB) 3 which set forth new requirements related to consumer health data and protections for minors online.
As Connecticut’s comprehensive consumer privacy...more
On June 7, 2023, Montana’s Governor signed Senate Bill (SB) 351 which revises the state’s privacy law pertaining to genetic information.
This legislation takes effect on October 1, 2023.
Covered Entity-
Businesses...more
Though enforcement of the California Privacy Rights Act (CPRA) which amended the California Consumer Privacy Act (CCPA) has been paused for now, the State of California is not resting when it comes to compliance with the...more
On June 18, 2023, Texas’ Governor signed House Bill (HB) 4 which enacts the Texas Data Privacy and Security Act. Texas joins California, Colorado, Connecticut, Indiana, Iowa, Montana, Tennessee, Utah, and Virginia in enacting...more
On June 16, 2023, Nevada’s Governor signed Senate Bill (SB) 370, which enacts certain protections for consumer health data.
The law is similar to Washington’s My Health, My Data Act, which was passed in April. The Future...more
The Association of Corporate Counsel and Major, Lindsey & Africa recently released their 2023 Law Department Management Benchmarking Report (Report) which tracks key trends in law department financial and operational data....more
It is not the first time we have written about complaints, OCR settlements, and even jail time following snooping by hospital employees into patient records. For example, as COVID raged, an investigation showed that for...more
On May 27, 2023, Texas’ Governor signed Senate Bill 768 amending Texas’ data breach notification law. The law in question, Section 521.053 of the Texas Business and Commerce Code, sets out the specific requirements any person...more
Unhappy consumers, including patients, are free to express dissatisfaction with services they receive from providers on popular social media or online review platforms, such as Yelp and Google. At least in the healthcare...more
6/6/2023
/ Corrective Action Plans (CAPs) ,
Department of Health and Human Services (HHS) ,
Google ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Mental Health ,
New Jersey ,
OCR ,
Online Reviews ,
PHI ,
Yelp
On May 19, 2023, Montana’s Governor signed Senate Bill 384, the Consumer Data Privacy Act. Montana joins California, Colorado, Connecticut, Indiana, Iowa, Tennessee, Utah, and Virginia in enacting a comprehensive consumer...more
Yesterday, New York’s Department of Financial Services (“DFS”) announced another enforcement action under the state’s Cybersecurity Requirements for Financial Services Companies, 23 N.Y.C.R.R. Part 500 (“Reg 500”). According...more
On May 11, 2023, Tennessee’s Governor signed Senate Bill 0073, the Tennessee Information Protection Act, making the state the eighth state to pass consumer privacy legislation. Tennessee joins California, Colorado,...more
5/12/2023
/ California Consumer Privacy Act (CCPA) ,
Consumer Protection Laws ,
COPPA ,
Data Controller ,
Data Processors ,
FERPA ,
Health Insurance Portability and Accountability Act (HIPAA) ,
New Legislation ,
NIST ,
Personal Information ,
State Privacy Laws ,
Tennessee
We have written several times about U.S. Department of Health and Human Services Office for Civil Rights’ “HIPAA Right of Access Initiative.” In its most recent enforcement action under the Initiative, the 44th such...more
Ransomware is a scary term for many business leaders and CISOs who dread being hit with a malware attack that locks up their data and could shut down operations. They expect to find that oddly-worded ransom note advising how...more
The Federal Trade Commission updated its “Standards for Safeguarding Customer Information” (“Safeguards Rule”) and extended the compliance deadline to June 9, 2023. Some entities still may be wondering – “Do these regulations...more
On May 1, 2023, Governor Holcomb signed Senate Bill 5, Indiana’s comprehensive privacy statute (The Act). the Act will become operative on January 1, 2026, and make Indiana the seventh state, after California, Colorado,...more