This post is part of a series of articles we are doing on 2023 data protection litigation trends.
Since its enactment in 2008, Illinois’s Biometric Information Privacy Act (BIPA) has produced a wave of privacy-related...more
2/1/2024
/ Biometric Information ,
Biometric Information Privacy Act ,
Class Action ,
Compliance ,
Consent ,
Corporate Counsel ,
Data Collection ,
Data Privacy ,
Employer Liability Issues ,
Employment Litigation ,
Exemptions ,
Fingerprints ,
Health Care Providers ,
IL Supreme Court ,
PHI ,
Privacy Laws ,
Private Right of Action ,
State Privacy Laws ,
Statute of Limitations ,
Statutory Damages ,
Statutory Violations ,
Third-Party Liability
On November 2, 2023, the American Hospital Association (AHA) – alongside the Texas Hospital Association, Texas Health Resources, and United Regional Health Care System – brought a lawsuit against the Department of Health and...more
Our initial thoughts on the Biden Executive Order first appeared on WilmerHale’s Privacy and Cybersecurity Blog the day that the Executive Order was released.
On October 30, 2023, the Biden Administration issued its...more
11/13/2023
/ Artificial Intelligence ,
Biden Administration ,
Cybersecurity ,
Department of Education ,
Department of Labor (DOL) ,
Department of Transportation (DOT) ,
Executive Orders ,
Federal Contractors ,
Government Agencies ,
Health Care Providers ,
Intellectual Property Protection ,
National Security ,
NIST ,
Regulatory Agenda ,
Technology Sector
Artificial intelligence that can create new texts, images, and other content (or“generative AI”) is revolutionizing every industry, and healthcare is no exception. Doctors are experimenting with using generative AI to improve...more
10/27/2023
/ Artificial Intelligence ,
Electronic Medical Records ,
Electronic Protected Health Information (ePHI) ,
Federal Trade Commission (FTC) ,
Health Care Providers ,
Health Insurance ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare Facilities ,
Patient Privacy Rights ,
Privacy Concerns ,
State Privacy Laws
On June 28, the US Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced a settlement (resolution agreement and corrective action plan) with iHealth Solutions (also known as Advantum Health)...more
7/21/2023
/ Compliance ,
Corrective Action Plans (CAPs) ,
Covered Entities ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach Notification Rule ,
OCR ,
PHI ,
Policies and Procedures ,
Popular ,
Risk Assessment ,
Risk Management ,
Settlement
On June 30, 2023, the Washington Attorney General (AG) published a series of Frequently Asked Questions (FAQs) related to the My Health My Data Act (MHMDA). As we discussed previously, the MHMDA will impose new requirements...more
On May 18, the Federal Trade Commission (FTC) proposed changes to the Health Breach Notification Rule (the HBNR or the Rule), including clarifying the rule’s applicability to health apps and other similar technologies. These...more
On May 17, 2023, the Federal Trade Commission (the “FTC”) reached a settlement with Easy Healthcare Corporation (“Easy Healthcare”), for its fertility-tracking app, Premom. The agency alleged that Easy Healthcare failed to...more
5/25/2023
/ Corporate Counsel ,
Data Privacy ,
Data Security ,
Data-Sharing ,
Electronic Protected Health Information (ePHI) ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach Notification Rule ,
Mobile Apps ,
Mobile Health Apps ,
PHI ,
Policy Statement ,
Risk Mitigation
On Thursday, March 2, the FTC announced an enforcement action against BetterHelp, Inc., an online mental health counseling service, relating to claims that the company’s collection and use of consumer health data were unfair...more
3/8/2023
/ Advertising ,
Data Breach ,
Data Privacy ,
Enforcement Actions ,
Enforcement Authority ,
Enforcement Priorities ,
Federal Trade Commission (FTC) ,
FTC Act ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
LGBTQ ,
Mental Health ,
Pharmacies ,
Section 5 ,
Settlement ,
Telehealth ,
Unfair or Deceptive Trade Practices
On February 17, 2023, the state attorneys general of Pennsylvania and Ohio reached a settlement with Ohio-based DNA Diagnostics Center (“DDC”) for a 2021 data breach that affected 2.1 million individuals nationwide and...more
2/23/2023
/ Clinical Laboratories ,
Cybersecurity ,
Data Breach ,
Electronic Protected Health Information (ePHI) ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Laboratories ,
Material Misstatements ,
PHI ,
Settlement ,
State Attorneys General ,
Statutory Violations
On February 2, 2023, the US Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) reached a settlement with Banner Health Affiliated Covered Entities (“Banner Health”) for a 2016 data breach that...more
On February 1, 2023, the Federal Trade Commission (FTC) reached a settlement with digital health platform GoodRx for sharing users’ personal health information with third parties without properly disclosing their data...more
Following the Supreme Court’s ruling overturning Roe v. Wade in Dobbs v. Jackson Women’s Health Organization, the Biden Administration has outlined a framework for federal executive action designed to protect access to...more
7/21/2022
/ Biden Administration ,
Covered Entities ,
Department of Health and Human Services (HHS) ,
Dobbs v. Jackson Women’s Health Organization ,
Executive Orders ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Privacy Rule ,
New Guidance ,
PHI ,
Reproductive Healthcare Issues
The Biden Administration is expected to devote significant resources to investigating fraud and abuse in the health care industry. Not only will the Biden Administration likely continue investigating traditional health care...more
3/18/2021
/ Biden Administration ,
Coronavirus/COVID-19 ,
Department of Health and Human Services (HHS) ,
EHR ,
Enforcement Programs ,
Executive Orders ,
Foreign Corrupt Practices Act (FCPA) ,
Fraud and Abuse ,
Health Care Providers ,
Healthcare Facilities ,
Nursing Homes ,
Opioid ,
Skilled Nursing Facility ,
Telehealth
On January 15, 2021, the Fifth Circuit vacated a $4.3 million penalty that the Office of Civil Rights (OCR) at the Department of Health and Human Services (HHS) had issued against the University of Texas M.D. Anderson Cancer...more
Following a pattern of familiarity for health lawyers, the Department of Health and Human Services (HHS) has released a substantial Notice of Proposed Rulemaking (NPRM) in December at the end of an administration. The NPRM is...more
Health-care privacy is at a crossroads. For almost 20 years, the health-care industry has addressed the requirements of the HIPAA Privacy and Security Rules, building reasonable and appropriate compliance programs from an...more
We hope you have read about the reporting on potential ransomware attacks on US hospitals and perhaps other health care providers. If you have not, please review this guidance from the government agencies involved in this...more
This second installment assesses options for moving forward to address emerging gaps and an evolving health care industry. Why? Because the substantial history behind the Health Insurance Portability and Accountability Act...more
2/10/2020
/ California Consumer Privacy Act (CCPA) ,
CMIA ,
Covered Entities ,
Data Privacy ,
Data Protection ,
General Data Protection Regulation (GDPR) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Legislative Agendas ,
Privacy Laws ,
Proposed Legislation
In the U.S., we do not, today, have a national privacy law. Pressure from the EU, via the General Data Protection Regulation, and from California, via the California Consumer Privacy Act, are driving an extensive national...more
Congress is debating whether to enact a national privacy law. Such a law would upend the approach that has been taken so far in connection with privacy law in the United States, which has either been sector specific...more
The HIPAA privacy rules have been in the news a lot lately. That’s good, but not when it’s for the wrong reasons or based on a misunderstanding of the rules....more