The next regular session of the Florida Legislature begins on Jan. 13, 2026, but bills are already filed, and only a few weeks of interim committee meetings remain. One of the most significant issues that will dominate this...more
Florida follows Michigan's lead in targeting streaming platforms for children's privacy violations, alleging in a new complaint that Roku willfully collects and sells children's personal data, including sensitive information...more
10/24/2025
/ Consent ,
Consumer Privacy Rights ,
COPPA ,
Data Brokers ,
Data Privacy ,
Enforcement Actions ,
Geolocation ,
Minors ,
Online Platforms ,
Parental Consent ,
Privacy Laws ,
Roku ,
Sensitive Personal Information ,
State Attorneys General ,
State Privacy Laws
The time has come. Last year, the New York State Department of Health (DOH) published a notice of adoption of new hospital cybersecurity requirements, now codified at 10 NYCRR § 405.46 (the Regulations), enhancing the...more
9/22/2025
/ Chief Information Security Officer (CISO) ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Hospitals ,
New Regulations ,
Regulatory Requirements ,
Risk Assessment ,
State Health Departments
It is not common for issues related to the Health Insurance Portability and Accountability Act (HIPAA) to make headlines, particularly in a murder case. HIPAA has recently been the subject of court filings in People v. Luigi...more
The U.S. District Court for the Northern District of Texas on June 18, 2025, issued an order vacating the HIPAA Privacy Rule to Support Reproductive Health Care Privacy, published on April 26, 2024, which amended the Health...more
6/20/2025
/ Data Privacy ,
Department of Health and Human Services (HHS) ,
Dobbs v. Jackson Women’s Health Organization ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Privacy Rule ,
Judicial Review ,
Patient Privacy Rights ,
PHI ,
Privacy Laws ,
Reproductive Healthcare Issues ,
Statutory Authority ,
Vacated
The National Institutes of Health (NIH) issued a notice on June 12, 2025, rescinding recent civil rights–related changes to the terms and conditions governing federally funded research (the Rescission). Effective immediately,...more
In the third and final episode of Florida Capital Conversations' healthcare privacy series, Tallahassee attorneys Shannon Hartsfield and Eddie Williams join hosts Nathan Adams and Mia McKown to discuss the challenges of...more
Health Insurance Portability and Accountability Act (HIPAA)-covered entities and business associates should be familiar with restrictions on the use or disclosure of protected health information (PHI) under HIPAA rules....more
5/14/2025
/ Biden Administration ,
Business Associates ,
Covered Entities ,
Cybersecurity Information Sharing Act (CISA) ,
Data Privacy ,
Data Security ,
Department of Justice (DOJ) ,
Enforcement Actions ,
Executive Orders ,
Health Insurance Portability and Accountability Act (HIPAA) ,
International Data Transfers ,
International Emergency Economic Powers Act (IEEPA) ,
National Security ,
New Regulations ,
NIST ,
PHI ,
Regulatory Requirements ,
Sensitive Personal Information ,
Trump Administration
Federal Trade Commission Protects Worship Location Data Shannon Britton Hartsfield and Bess Hinson-Greenspan Recent Federal Trade Commission (FTC) enforcement activity signals that companies need to protect consumer location...more
5/5/2025
/ Data Brokers ,
Employment Discrimination ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Free Appropriate Public Education (FAPE) ,
Free Exercise Clause ,
Gay Conversion Therapy ,
Location Data ,
Mental Health ,
Popular ,
Privacy Laws ,
Protected Class ,
Religious Institutions ,
Reproductive Healthcare Issues ,
RLUIPA ,
Standing
In the first episode of a "Florida Capital Conversations" new healthcare privacy series, Tallahassee healthcare attorneys Shannon Hartsfield and Eddie Williams discuss the evolving landscape of genetic data privacy, focusing...more
The National Institutes of Health (NIH) announced on April 21, 2025, a significant change to the terms and conditions governing federal funding (the Notice) applicable to all NIH grants, cooperative agreements and other...more
4/25/2025
/ ADEA ,
Anti-Discrimination Policies ,
Civil Rights Act ,
Department of Health and Human Services (HHS) ,
Diversity and Inclusion Standards (D&I) ,
Executive Orders ,
Federal Funding ,
Federal Grants ,
Government Agencies ,
Grants ,
National Institute of Health (NIH) ,
Proposed Rules ,
Regulatory Requirements ,
Rehabilitation Act ,
Title IX
The U.S. Department of Health and Human Services (HHS) has issued a Notice of Proposed Rulemaking (NPRM) that strengthens the Security Rule of the Health Insurance Portability and Accountability Act (HIPAA), which, if...more
The U.S. Department of Health and Human Services (HHS) has issued an unpublished Notice of Proposed Rulemaking (NPRM) that strengthens the Health Insurance Portability and Accountability Act (HIPAA) Security Rule and, if...more
1/2/2025
/ Business Associates ,
Comment Period ,
Covered Entities ,
Data Breach ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare Facilities ,
HIPAA Security Rule ,
NPRM ,
OCR
Access to quality healthcare services has long been a priority of the U.S. Department of Health and Human Services (HHS), and through its Office for Civil Rights (OCR) this agency has, since at least 2001, sought to provide...more
12/18/2024
/ Affordable Care Act ,
Age Discrimination ,
Biden Administration ,
Bostock v Clayton County Georgia ,
Centers for Medicare & Medicaid Services (CMS) ,
Data-Sharing ,
Dear Colleague Letter ,
Department of Health and Human Services (HHS) ,
Executive Orders ,
Final Rules ,
Health Care Providers ,
Medicare ,
Non-Discrimination Rules ,
OCR ,
Patient Access ,
PHI ,
Private Right of Action ,
Regulatory Authority ,
Rehabilitation Act ,
Title IV ,
Title IX
In addition to holiday celebrations, the month of December typically ushers in a final round of enforcement actions by the U.S. Department of Health and Human Services' (HHS) Office of Civil Rights (OCR), and 2024 is no...more
12/4/2024
/ Business Associates ,
Compliance ,
Compliance Dates ,
Covered Entities ,
Data Privacy ,
Department of Health and Human Services (HHS) ,
Enforcement Actions ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Security Rule ,
NIST ,
OCR ,
PHI ,
Privacy Laws ,
Reproductive Healthcare Issues ,
Security and Privacy Controls
New York hospitals have less than a year to dust off their Health Insurance Portability and Accountability Act (HIPAA) compliance programs and update them to comply with more stringent and detailed state regulations. Last...more
11/22/2024
/ Chief Information Security Officer (CISO) ,
Compliance ,
Cybersecurity ,
Department of Health and Human Services (HHS) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Hospitals ,
New Regulations ,
Personally Identifiable Information ,
PHI ,
Reporting Requirements ,
Risk Assessment ,
Security and Privacy Controls ,
State Health Departments
President Ronald Reagan famously quipped, "I think you all know that I've always felt that the nine most terrifying words in the English language are: I'm from the Government, and I'm here to help."1 At an Oct. 23-24, 2024,...more
10/31/2024
/ Artificial Intelligence ,
Biden Administration ,
Compliance ,
Covered Entities ,
Cybersecurity ,
Department of Health and Human Services (HHS) ,
Enforcement ,
Federal Trade Commission (FTC) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare Facilities ,
Incident Response Plans ,
Internet of Things ,
Medical Devices ,
NIST ,
OCR ,
Popular ,
Ransomware ,
Security and Privacy Controls ,
Technical Conference
Healthcare providers running on thin margins or just seeking new (and in the case of tax-exempt providers, permissible) revenue sources may jump at the chance when third party vendors offer to help them monetize their patient...more
7/22/2024
/ Business Associates ,
Data Privacy ,
Data Security ,
Data Selling ,
De-Identification ,
De-Identified Protected Health Information ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Monetization ,
Penalties ,
PHI ,
Privacy Laws ,
Statutory Violations
A recent federal court decision is a victory for Health Insurance Portability and Accountability Act (HIPAA) covered entities using third-party tracking tools on unauthenticated webpages. These are websites available to the...more
6/26/2024
/ American Hospital Association et al v Becerra Secretary Of Health And Human Services et al ,
Business Associates ,
Covered Entities ,
Federal Trade Commission (FTC) ,
Final Judgment ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Privacy Rule ,
IP Addresses ,
Judicial Review ,
OCR ,
PHI ,
Regulatory Authority ,
Warning Letters ,
Web Tracking ,
Websites
After months of uncertainty and multiple letters from industry associations advocating on behalf of the healthcare industry with the U.S. Department of Health and Human Service (HHS) Office for Civil Rights (OCR), covered...more
The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has, as part of its mandate, the responsibility to enforce the Health Insurance Portability and Accountability Act (HIPAA) Security Rule....more
5/14/2024
/ Audits ,
Business Associates ,
Compliance ,
Covered Entities ,
Data Privacy ,
Data Security ,
Department of Health and Human Services (HHS) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Security Rule ,
HITECH Act ,
OCR ,
PHI ,
Popular ,
Ransomware ,
Risk Assessment ,
Web Tracking
In the midst of an industry reeling from the Change Healthcare cybersecurity incident, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has issued a series of final rules requiring...more
"Informed consent" has been described as "a bedrock principle of healthcare in a free society," and if a "patient is denied the ability to exercise or even consider informed consent, the patient's personal liberty suffers."1...more
The U.S. Department of Health and Human Services Office for Civil Rights (OCR) issued updated guidance on March 18, 2024 regarding the use of online tracking technologies by entities and business associates covered by the...more
3/19/2024
/ Business Associates ,
Covered Entities ,
Department of Health and Human Services (HHS) ,
Enforcement ,
Enforcement Priorities ,
Guidance Update ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Privacy Rule ,
OCR ,
PHI ,
Tracking Systems ,
Web Tracking ,
Websites
Healthcare compliance risks exist even when a company takes steps to structure its business activities to follow the government's own statements. A recent decision by the U.S. District Court for the Eastern District of...more