Privacy laws bring substantial compliance challenges for every organization that collects, processes, stores, and transfers personal data anywhere in the world. For legal departments, compliance professionals and internal...more
Comprehensive consumer privacy laws continue to hit the desks of governors in states across the country, with nineteen state laws now on the books. Since we wrote our 2023 Round-Up on State Consumer Data Privacy Laws article...more
On April 4, 2024, Kentucky became the fifteenth state to enact a comprehensive data privacy law, with Governor Andy Beshear signing the Kentucky Consumer Data Protection Act (KCDPA) into law. The Kentucky law will go into...more
Last month, Nebraska passed the Nebraska Data Privacy Act (NDPA), making it the latest state to enact comprehensive privacy legislation. Nebraska joins California, Virginia, Colorado, Connecticut, Utah, Iowa, Indiana,...more
SEC Chair Gensler Indicates Commission is Looking to Update SEC’s Regulation S-P - On September 28, 2022, Securities and Exchange Commission (“SEC” or the “Commission”) Chairman Gary Gensler appeared via video at the...more
Keypoint: The CPA draft rules are a complex and lengthy set of regulations that, if adopted without substantial modification, will significantly expand the CPA’s requirements and require controllers to carefully consider...more
Our Virtual Regional Healthcare Compliance Conferences provide updates on the latest news in regulatory requirement, compliance enforcement, and strategies to develop effective compliance programs. Watch, listen, and ask...more
CYBERSECURITY - Medical Center Rebuilding EMR Following Ransomware Attack - Queen Creek Medical Center (QCMC), also known as Desert Wells Family Medicine, located in Arizona, has notified up to 35,000 patients of a data...more
On July 7, 2021, Colorado Governor Jared Polis signed into law S.B. 21-190, known as the Colorado Privacy Act (“CPA”). Colorado is now the third U.S. state to enact comprehensive consumer data privacy legislation, following...more
Our Privacy, Cyber & Data Strategy Team highlights some of the similarities and differences between Colorado’s new consumer privacy law and its older siblings in California and Virginia....more
The Ohio Personal Privacy Act, also known as House Bill 376, is being considered in the Buckeye State. Here are a few takeaways: •Enforcement by Attorney General only- •Affirmative defense for companies that maintain...more
CYBERSECURITY - GAO Report Identifies Need for DOE to Address Risks to Electrical Distribution System - The United States Government Accountability Office (GAO) recently completed and published a study on electricity...more
In December 2020, the Department of Health and Human Services (HHS) announced proposed major revisions to the HIPAA Privacy Rule, which would be the first significant changes to the Privacy Rule since the 2013 Omnibus Rule. ...more
The applicability date for the Information Blocking regulations in the ONC Cures Act Final Rule was set as November 2, 2020, but was subsequently adjusted in the ONC Interim Final Rule to April 5, 2021, in recognition of the...more
CYBERSECURITY - Health and Personal Information of N.C. Residents Posted Online by Ransomware Group - Becker’s Health IT reports that two batches of sensitive information of Chatham County, N.C. residents have been posted...more
Health care technology has seen an incredible amount of change over the past twelve months. As health care providers and entities continue to provide patient care in unprecedented times, it is becoming increasingly important...more
2020 was an active year for HIPAA regulatory activity by the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR). In this article, we take a look at some of the HIPAA highlights from 2020 and...more
Report on Patient Privacy 18, no. 1 (January 2021) - The HHS Office for Civil Rights (OCR) settled its 13th enforcement action in its Right of Access Initiative, first announced in 2019 to support individuals’ rights to...more
On December 10, 2020, the Department of Health and Human Services (HHS) announced proposed revisions to the HIPAA Privacy Rule that would significantly impact the day-to-day operations of HIPAA covered entities. In this...more
CYBERSECURITY - HHS Issues Update to Ransomware Threat Alert to Health Care Sector - The Department of Health and Human Services’ (HHS) Division of Critical Infrastructure Protection (CIP) issued a health care and public...more
On January 15, the Court of Justice of the European Union’s (CJEU) Advocate General (AG) Manuel Campos Sánchez-Bordona delivered his Opinion on four references for preliminary rulings on the topic of retention of and access...more
Ireland’s Data Protection Commission has issued a guidance note on the right of access under the General Data Protection Regulation....more
A local Munich court has interpreted the right of access under Article 15 of GDPR and German law. Here are some key takeaways for GDPR and for consumer access requests under CCPA: The right of access under GDPR is a...more
On October 28, 2015, the District Court of Appeal in the First District of Florida held in Southern Baptist Hospital, Inc. v. Jean Charles, Jr. et al. that the federal Patient Safety and Quality Improvement Act of 2005...more