On April 3, 2025, the New York State Department of Financial Services (“DFS”) issued reminders about upcoming implementation and reporting deadlines related to its cybersecurity regulations. Upcoming deadlines require...more
4/10/2025
/ Banks ,
Cybersecurity ,
Data Security ,
Filing Deadlines ,
Financial Institutions ,
Financial Services Industry ,
New York ,
NYDFS ,
Regulatory Requirements ,
Reporting Requirements ,
Risk Assessment ,
Risk Management
Members of the health care and financial industries, along with other industries that hold sensitive data, are warned that a ChatGPT vulnerability is being actively exploited by threat actors to attack security flaws in AI...more
3/24/2025
/ Artificial Intelligence ,
Banks ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Security ,
Financial Institutions ,
Health Care Providers ,
Healthcare ,
Healthcare Facilities ,
Machine Learning ,
NIST ,
Risk Management ,
Vulnerability Assessments
‘Tis the season for holiday baking and the elves at the U.S. Department of Health and Human Services (HHS), through its Office for Civil Rights (OCR), have been diligently crafting their own holiday treat. On December 27,...more
1/2/2025
/ Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HIPAA Breach ,
HIPAA Security Rule ,
HIPAA Violations ,
Life Sciences ,
NPRM ,
OCR ,
PHI ,
Regulatory Agenda ,
Rulemaking Process
As of November 1, 2024, financial services companies regulated by the New York Department of Financial Services Cybersecurity Regulation face new requirements relating to cybersecurity governance, encryption, and incident...more
On Thursday, June 20, 2024, a U.S. District Court Judge ruled that the U.S. Department of Health and Human Services, Office for Civil Rights (“HHS”) overstepped its authority to act when issuing its December 2022 bulletin...more
Friendly reminder – the Washington My Health My Data Act (“WMHMDA”) compliance deadline for regulated entities to post their consumer health data privacy policy is March 31, 2024 (June 30, 2024 for small businesses). A...more
2/29/2024
/ Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Electronic Protected Health Information (ePHI) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Patient Privacy Rights ,
Personal Data ,
Personally Identifiable Information ,
Policies and Procedures ,
Posting Requirements ,
Washington
Summer 2023 gave us a blast of new and distinctive consumer health data privacy legislation. The Washington legislature could not wait to start showing off and splashing around in the summer sun by passing the country’s...more
As industry stakeholders know, cyberattacks and breaches have been on the rise in the health care industry. IBM Security’s 2023 annual report notes that the average health care data breach has reached $10.93M and that health...more
This is Part Ten in a series of legal updates on the Washington My Health My Data Act (“WMHMDA”), where Quarles continues its deep dive into the various factors and intricacies of WMHMDA that are creating waves in the privacy...more
This is Part Eight in a series of legal updates on the Washington My Health My Data Act (“WMHMDA”) where Quarles continues its deep dive into the various factors and intricacies of WMHMDA that are creating waves in the...more
7/24/2023
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Data Subjects Rights ,
Healthcare ,
Personal Information ,
Popular ,
Privacy Laws ,
Washington
This is Part Six in a series of legal updates on the Washington My Health My Data Act (“WMHMDA”) in which Quarles continues its deep dive into the various factors and intricacies of WMHMDA that are creating waves in the...more
This is Part Three in a series of legal updates on the Washington My Health My Data Act (“WMHMDA”) where Quarles continues its deep dive into the various factors and intricacies of WMHMDA that are creating tidal waves in the...more
6/14/2023
/ Biometric Information ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Health Technology ,
Healthcare ,
Medical History ,
Mental Health ,
Personal Data ,
Personally Identifiable Information ,
Popular
After several months of privacy developments to start 2023, this trend has not only continued, but has continued at an accelerated pace into June. As state legislatures adjourn for summer recess, it is a good time to take...more
This is Part Two in a series of legal updates on the Washington My Health My Data Act (“WMHMDA”) where Quarles is doing a deep dive into the various factors and intricacies of the Act that are shaping up to create a sea of...more
6/9/2023
/ B2B Organizations ,
California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Security ,
Electronic Protected Health Information (ePHI) ,
Geolocation ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Life Sciences ,
Personal Data ,
Washington
Effects to consumer health data collection and processing will be felt in Washington and beyond with new consumer rights and consent requirements as well as a private right of action....more
After the year led with the effective dates for the California Consumer Privacy Act and the Virginia Consumer Data Protection Act, the first quarter of 2023 has continued to bring a number of data privacy updates and...more
The Biden Administration announced that the federal COVID-19 Public Health Emergency (PHE) will expire at the end of the day on May 11, 2023. As we draw closer to the expiration date of the PHE, do you feel fine about your...more
3/20/2023
/ Biden Administration ,
Business Associates Agreement (BAA) ,
Data Privacy ,
Data Security ,
Department of Health and Human Services (HHS) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
OCR ,
Public Health Emergency ,
Telehealth ,
Telemedicine
As we settle in to 2023 and return to our “circle back in the new year” projects, it is a good time to catch up on data privacy and security updates from the end of 2022 and set priorities for 2023. To help you start the year...more
Spring and summer have been busy seasons in the data privacy and security space. Here are some recent health updates to keep you up to speed...more