Despite its antecedents in one of the most widely cited law review articles of all time from more than 130 years ago, modern United States privacy law is roughly twenty years old. Even though still in its relative infancy,...more
7/8/2021
/ Big Data ,
California Consumer Privacy Act (CCPA) ,
Data Breach ,
Data Privacy ,
Data Security ,
Enforcement ,
General Data Protection Regulation (GDPR) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Personal Data ,
Personal Information ,
Preemption ,
Privacy Laws ,
Private Right of Action ,
Sensitive Personal Information ,
State Privacy Laws
In today’s interconnected world, personal information has never been more broadly collected and analyzed by governments and corporations alike, making it imperative that we understand, enforce and update privacy laws in order...more
On June 7, 2021, the Federal Trade Commission (FTC) announced a settlement with MoviePass relating to allegations that MoviePass and its executives took steps to block subscribers from using the service as advertised, and...more
On June 7, 2021, the Colorado House of Representatives passed the Colorado Privacy Act (CPA), a comprehensive privacy law similar to the California Privacy Rights Act (CPRA) and California Consumer Privacy Act (CCPA), as well...more
6/9/2021
/ Business Associates ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Covered Entities ,
Data Controller ,
Data Privacy ,
Exemptions ,
General Data Protection Regulation (GDPR) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Opt-Outs ,
Pending Legislation ,
Personal Data ,
Sensitive Personal Information ,
State Privacy Laws
On June 4th, 2021, the European Commission adopted and published a new set of so-called standard contractual clauses (“SCCs”) providing a legal basis for international transfers of personal data from the EU/EEA to third...more
6/7/2021
/ EU ,
EU-US Privacy Shield ,
European Commission ,
European Court of Justice (ECJ) ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Schrems I & Schrems II ,
Standard Contractual Clauses ,
UK
Last Friday - on March 25, 2021 - Acting FTC Chairwoman Rebecca Kelly Slaughter announced the creation of a new rulemaking group within the FTC’s Office of the General Counsel. With this group, the FTC is poised to create new...more
On March 17, California officials announced the inaugural membership of the five-member board for the California Privacy Protection Agency (CPPA). The formation of the CPPA is a requirement of the recently passed California...more
The Biden Administration is expected to devote significant resources to investigating fraud and abuse in the health care industry. Not only will the Biden Administration likely continue investigating traditional health care...more
3/18/2021
/ Biden Administration ,
Coronavirus/COVID-19 ,
Department of Health and Human Services (HHS) ,
EHR ,
Enforcement Programs ,
Executive Orders ,
Foreign Corrupt Practices Act (FCPA) ,
Fraud and Abuse ,
Health Care Providers ,
Healthcare Facilities ,
Nursing Homes ,
Opioid ,
Skilled Nursing Facility ,
Telehealth
The long wait to see if any state would join California in passing a comprehensive privacy law is finally coming to an end, as the Virginia Senate passed the Virginia Consumer Data Protection Act (CDPA) on February 3. An...more
On January 15, 2021, the Fifth Circuit vacated a $4.3 million penalty that the Office of Civil Rights (OCR) at the Department of Health and Human Services (HHS) had issued against the University of Texas M.D. Anderson Cancer...more
While still in its relative infancy, privacy law has quickly become a turbulent teenager, with constant change around the world.
At a minimum, 2021 will require meaningful efforts to implement the changes of 2020, with a...more
1/5/2021
/ Biden Administration ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Security ,
Enforcement ,
Federal Trade Commission (FTC) ,
International Data Transfers ,
Legislative Agendas ,
Personal Information ,
Privacy Laws ,
Private Right of Action ,
Ransomware ,
Schrems I & Schrems II ,
State Attorneys General ,
State Privacy Laws
On December 19, the Senate passed H.R.7898, which the House of Representatives had previously passed on December 9. This law amends the Health Information Technology for Economic and Clinical Health (HITECH) Act to require...more
12/23/2020
/ 21st Century Cures Act ,
Business Associates ,
Covered Entities ,
Cybersecurity ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Privacy Rule ,
HITECH Act ,
NIST ,
Penalties ,
Rulemaking Process
On December 17, 2020, the Office of the Comptroller of the Currency, Treasury (OCC); the Federal Reserve; and the Federal Deposit Insurance Corporation (FDIC) issued a Notice of Proposed Rulemaking that would require...more
12/22/2020
/ Bank Secrecy Act ,
Banking Regulators ,
Banks ,
Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Financial Institutions ,
GLBA Privacy ,
NPRM ,
Popular ,
Reporting Requirements ,
Suspicious Activity Reports (SARs)
Following a pattern of familiarity for health lawyers, the Department of Health and Human Services (HHS) has released a substantial Notice of Proposed Rulemaking (NPRM) in December at the end of an administration. The NPRM is...more
On December 10, 2020, less than two months after proposing previous modifications, the California Attorney General’s Office proposed a fourth set of modifications to the California Consumer Privacy Act (CCPA) regulations...more
Health-care privacy is at a crossroads. For almost 20 years, the health-care industry has addressed the requirements of the HIPAA Privacy and Security Rules, building reasonable and appropriate compliance programs from an...more
On November 11, 2020, the European Data Protection Board (“EDPB”) released two documents as a follow-up to the Court of Justice of the European Union’s (“CJEU”) notable July 2020 decision, known as Schrems II. These documents...more
On November 3, the California Privacy Rights and Enforcement Act (“CPRA”) was voted into law with close to 56 percent of California voters supporting the measure. The CPRA is the latest comprehensive privacy law to pass in...more
We hope you have read about the reporting on potential ransomware attacks on US hospitals and perhaps other health care providers. If you have not, please review this guidance from the government agencies involved in this...more
Less than a month before Californians are to vote on the California Privacy Rights Act (CPRA), the California attorney general (California AG) proposed a third set of modifications to the California Consumer Privacy Act’s...more
In September, the California Attorney General (the “AG”) reached a settlement with Glow, Inc. (“Glow”), a technology company that is responsible for an ovulation and fertility-tracking mobile application called the Glow app....more
In a flurry of legislative activity, the California legislature passed a number of last-minute privacy bills that now await the signature of Governor Gavin Newsom in order to go into effect. As was expected, the California...more
The European Court of Justice (the “Court”) issued the long-awaited “Schrems II” decision. (see Facebook Ireland Ltd. v. Maximillian Schrems).
In its decision, the Court (1) struck down the Privacy Shield program that...more
In response to the lifting or relaxing of shelter in place orders in a number of states, many businesses plan to resume certain operations during the pendency of the COVID-19 pandemic. The health, safety, and well-being of...more
Security existed as a business norm long before it became a legal and compliance requirement. Doctors' offices locked their doors at night to ensure no one could access their records. Stores took precautions when they walked...more