Arecent report put the odds of an asteroid hitting the earth in December 2032 at 3.1%—which is 3,100 times more likely than an organization resolving an enforcement action with the U.S. Department of Health and Human...more
3/4/2025
/ Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Security ,
Electronic Protected Health Information (ePHI) ,
Enforcement Actions ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Medical Records ,
OCR ,
Patient Privacy Rights ,
Ransomware ,
Risk Assessment ,
Risk Management ,
Settlement
The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) delivered a late-December surprise: a draft overhaul of the Health Insurance Portability and Accountability Act of 1996’s (HIPAA) Security Rule....more
1/3/2025
/ Data Privacy ,
Data Security ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HIPAA Security Rule ,
NPRM ,
OCR ,
Patient Privacy Rights ,
PHI
Pennsylvania recently amended their data breach notification law in a way that turns the status quo on its head. The law, Senate Bill 824, adds an obligation to provide regulatory notice and tweaks the definition of personal...more
Pennsylvania's Amended Data Breach Law Upends Standard Framework -
Pennsylvania recently amended their data breach notification law in a way that turns the status quo on its head. The law, Senate Bill 824, adds an...more
Over the weekend, a bipartisan and bicameral group in Congress unveiled a privacy proposal—The American Privacy Rights Act of 2024 (APRA)—along with a brief summary. The APRA builds on existing privacy frameworks at the state...more
The Florida legislature passed a bill that provides immunity to companies that suffer a data breach. The immunity is conditioned on the company: (1) complying with the notice requirements of Florida’s data breach notification...more
The U.S. Department of Health and Human Services, Office for Civil Rights (OCR) recently announced its first settlement agreement related to a ransomware attack. But it was not the ransomware that triggered OCR’s enforcement...more
On April 27th, Washington State’s governor signed the Washington State My Health My Data Act—a law the legislature nominally designed to increase healthcare privacy. But it does more than that. The law uses sweeping...more
Do you use Google Analytics? Do you tell consumers that you do not sell personal information? If you answered yes to both of those questions, then this alert is for you! The California attorney general recently took the...more
California’s legislature overwhelmingly passed (with veto-proof majorities) the California Age-Appropriate Design Code Act (AB 2273) to—at least in theory—regulate companies’ processing of children’s personal information. In...more
Let’s face it: CCPA compliance is not easy. And a recent study provides additional evidence for the commonsense conjecture that companies trying to just “follow the law” often do more or less than is required. In this alert,...more