Updates to Statute 1557 that Healthcare Providers Need to Know
Privacy and Healthcare Business Associates with Isabella Porter
State Law Privacy Video Series | Healthcare Entities and Health Data
Gerry Blass on Healthcare Vendor Risk Management
AGG Talks: Technology - In the Balance: Interoperability and Security
Is Your Practice's Marketing HIPAA Compliant?
Relaxed HIPAA Restrictions For Providers Using Telehealth
Compliance Perspectives: Permissible Disclosures under HIPAA, Especially in the Time of COVID-19
Polsinelli Podcasts - Confusion to Clarity on the Future of the 340B Program
Polsinelli Podcast - HIPAA Changes Overview
Covered entities (CEs) and business associates (BAs) may receive a “discount” for having recognized security practices (RSPs) in place when the HHS Office for Civil Rights (OCR) calculates financial penalties for Security...more
On May 16, 2024, the Securities and Exchange Commission adopted amendments to Regulation S-P, the regulation that governs the treatment of nonpublic personal information about consumers by certain financial institutions....more
United Healthcare Group (UHG) CEO Andrew Witty was in a board meeting on Feb. 21 when officials interrupted with the news that Change Healthcare—a clearinghouse UHG subsidiary Optum had purchased for $1.3 billion in October...more
Kaiser Permanente is notifying 13.4 million current and former members that their personal information may have been compromised when it was transmitted to tech giants Google, Microsoft Bing and X (formerly Twitter) when...more
With the bipartisan, bicameral proposed American Privacy Rights Act of 2024, the U.S. Congress seeks to adopt the first national personal data privacy and security law that would preempt comprehensive state privacy laws....more
On March 18, 2024, the Office for Civil Rights ("OCR") at the U.S. Department of Health and Human Services ("HHS") published updated guidance on the use of online tracking technologies by HIPAA covered entities and business...more
Two leading U.S. legislators have unveiled a bipartisan plan to enact the first comprehensive federal data privacy law. The proposed American Privacy Rights Act (APRA) largely mirrors common themes in the patchwork of state...more
Readers of this blog are well aware of the recent surge in data privacy litigation. In February 2024, Atlas Data Privacy Corporation (“Atlas Data”), a consumer data protection company, filed over 100 lawsuits in the State of...more
A number of new state privacy laws now govern and mandate certain contractual requirements for collecting, sharing, and processing of personal information. Personal information is generally defined as data that is linked or...more
Washington State and Nevada have now passed health data privacy laws that impose obligations relating to the collection, processing, and sharing of “consumer health data.” Both laws (collectively, State Health Data Privacy...more
Oregon’s governor has now signed into law the state’s comprehensive privacy law. Meaning, there are now 12 states with these laws, six of which were passed just this year (others passed in 2023 were Iowa, Indiana, Tennessee,...more
In June, Texas became the tenth state with a comprehensive privacy law. The Texas Data Privacy and Security Act (“TDPSA”) contains familiar provisions from other state privacy laws regulating the collection, use, processing,...more
The SEC continues its overhaul of cybersecurity, cyber incident reporting, and privacy controls and requirements for industry registrants, their services providers, and corporate America generally. On March 15, 2023, the SEC...more
By now, it is generally known that comprehensive privacy laws include requirements to allow consumers to opt-out of the sale of the their personal information, including personal information collected through the use of...more
In the last year, we continued to see a shift in the privacy landscape of the United States, including the passage of comprehensive privacy legislation in both Virginia and Colorado, while other states still have bills under...more
The U.S. Department of Health and Human Services Office for Civil Rights (“OCR”) issued guidance regarding the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) privacy rule (the “Privacy Rule”) in the...more
Companies should take note of two imminent developments in New York in the area of cybersecurity regulation: enforcement of the New York Department of Financial Services (NYDFS) Cybersecurity Regulation (Regulation) and the...more
Transparency and communication are cornerstones of a successful relationship—and the employment relationship is no exception. The California Consumer Privacy Act (“CCPA”) came into effect on January 1, 2020, bestowing two...more
Report on Patient Privacy 20, no. 2 (February 2020) - A ruling from Georgia’s highest state court could set a precedent that determines recourse for victims of cyberattacks. The Georgia Supreme Court ruled in late December...more
The California Consumer Privacy Act (“CCPA”) grants new rights to California consumers, took effect on January 1, 2020. In response, businesses must take on new obligations....more
Many small or solo franchisees, subsidiaries, and affiliates of larger businesses may think the California Consumer Privacy Act (CCPA), does not apply to you because you don’t meet one of the three threshold criteria. Your...more
When Does CCPA Start? ..The California Consumer Privacy Act (CCPA) is effective January 1, 2020. ..It also includes a 12-month “look-back” period to January 1, 2019. ..It is also important to note that several...more
Your business complies with the General Data Protection Regulation ("GDPR") and/or Turkish Personal Data Protection Law numbered 6698 and its secondary legislation ("PDPL"); but does it comply with the California Consumer...more
Companies are still scrambling to comply with the new California Consumer Privacy Act of 2018 ("CCPA"), which became effective on January 1, 2020. The CCPA provides new rights and protections for "consumers," defined as...more
The short answer is “no”. The CCPA has a specific definition for “service provider” at Section 1798.140(v) – and it also requires a vendor to be bound by a written contract that prohibits it from...more