Privacy & Cybersecurity
Viewpoints
Filter by:
HIPAA Privacy Protections for PHI related to Reproductive Health Care: The Final Rule and what Covered Entities and Business Associates need to Know
April 26, 2024 | Blog | By Cassandra Paolillo
Earlier this week, the Biden-Harris Administration, through the Office for Civil Rights (OCR) announced a Final Rule aimed at protecting protected health information (PHI) related to lawfully provided reproductive health care services. As we discussed last year, the HIPAA Privacy Rule to Support Reproductive Health Care Privacy was proposed in response to concerns about the confidentiality of PHI related to reproductive health care following the decision in Dobbs v. Jackson Women’s Health Organization. In the executive summary of the Final Rule, OCR emphasized that the changing post-Dobbs legal landscape “increases the likelihood that an individual’s PHI may be disclosed in ways that cause harm to the interests that HIPAA seeks to protect, including the trust of individuals in health care providers and the health care system.” The Final Rule defines “reproductive health care” as “health care…that affects the health of an individual in all matters relating to the reproductive system and to its functions and processes.”
Read more
American Privacy Rights Act – Another Shot at a Comprehensive Federal Privacy Law
April 17, 2024 | Blog | By Cynthia Larose, Christopher Buontempo
New Jersey Adopts a Comprehensive Data Privacy Law
April 15, 2024 | Blog | By Cynthia Larose, Jon Taylor
HHS Health Care Cybersecurity Performance Goals: Proposed Incentives, Penalties and Compliance Standards Review
April 4, 2024 | Blog | By Pat Ouellette
As promised in the U.S. Department of Health and Human Services (HHS) concept paper in December 2023, the agency published voluntary health care and public health cybersecurity performance goals (HPH CPGs) in January 2024 and then proposed in the HHS FY 2025 Budget to establish certain HPH CPG compliance incentives and penalties for hospitals.
Read more
Further Updates to the CPPA Proposed Regulations: Risk Assessments and Automated Decisionmaking Technology
March 25, 2024 | Blog | By Cynthia Larose, M. Bertie Magit
Major Win for California Privacy Protection Agency: Enforcement of Regulations Can Begin Immediately
February 15, 2024 | Blog | By Cynthia Larose
If you have been relying on last year’s court order staying the ability of the California Privacy Protection Agency (CPPA) to enforce regulations promulgated under the California Privacy Rights Act (CPRA) to also stay your own CPRA compliance program --- time to ramp back up. Read more
Read more
New Year, New Privacy Law in New Jersey
January 30, 2024 | Blog | By M. Bertie Magit
Consumer privacy protection must have been tops on the New Jersey legislature’s list of New Year’s resolutions. The year was just two weeks old and New Jersey became the first State in 2024 to enact a comprehensive privacy law and is now one of over a dozen states to have its own comprehensive privacy law (together, the Privacy States”). New Jersey Governor Phil Murphy wrote in a recent press release that he is proud New Jersey is better protecting its residents with Senate Bill 332/A1971 (the “Law”). This comprehensive law aims to protect consumer privacy by creating strict requirements for how applicable companies may use and collect personal data from New Jersey consumers and provides such consumers with rights of access, modification and deletion of their personal data.
Read more
FTC Warns AI Companies to Honor Privacy and Confidentiality Commitments — AI: The Washington Report
January 19, 2024 | Blog | By Michael Katz, Bruce Sokler, Alexander Hecht, Christian Tamotsu Fjeld, Raj Gambhir
2023 Round-Up on State Consumer Data Privacy Laws
December 28, 2023 | Blog | By Ilse P. Johnson, Michael Katz, Jon Taylor
Updates to CPPA Proposed Regulations – Part 2: Risk Assessments and Automated Decisionmaking Technology
December 15, 2023 | Blog | By M. Bertie Magit
This post will analyze the discussion and draft regulations for risk assessments and automated decisionmaking technology. The board spent over three hours on this agenda item, focusing closely on defined terms and the timing of certain requirements. As these regulations will impose new burdens and restrictions on many businesses, the board is walking a tightrope, balancing between protecting the consumer and burdening businesses.
Read more
Updates to CCPA Proposed Regulations: Cybersecurity Audits
(Spoiler Alert … they will cost real money and take real effort)
December 14, 2023 | Blog | By Christopher Buontempo
HHS Proposes Plan to Advance Cyber Resiliency in Health Care; OCR Settles Phishing Attack Investigation
December 12, 2023 | Blog | By Pat Ouellette
The U.S. Department of Health and Human Services (HHS) released a concept paper on December 6, 2023 outlining its action plan to enhance cyber resiliency in the health care sector by proposing certain voluntary cybersecurity actions and standards that may ultimately become requirements. For health care organizations such as hospitals, “cyber resiliency” generally means how organizations anticipate, operate during, respond to, and recover from cyber attacks such as ransomware attacks, cloud exploitations, phishing or spear-phishing attacks, software and zero-day vulnerabilities, or distributed denial of service attacks.
Read more
FCC Partners With States to Increase on Privacy and Data Protection Investigations, Signaling Increased Focus on Future Enforcement
December 8, 2023 | Blog | By Jonathan P. Garvin
The Federal Communications Commission (“FCC”) announced Thursday that in furtherance of the work of the agency’s Privacy and Data Protection Task Force, the FCC’s Enforcement Bureau signed Memoranda of Understanding (“MOU”) with the Attorneys General of Connecticut, Illinois, New York, and Pennsylvania to share expertise and resources and to coordinate efforts conducting privacy, data protection and cyber-security-related investigations. Read more about this noteworthy legislative step.
Read more
OCR Cybersecurity Newsletter Emphasizes Significance of HIPAA Sanction Policies
October 23, 2023 | Blog | By Pat Ouellette
The Office for Civil Rights (OCR) recently offered covered entities and business associates (Regulated Entities) not-so-subtle reminders in its October 2023 Cybersecurity Newsletter that effective sanction policies can encourage HIPAA compliance. Regulated Entities are required by HIPAA to implement sanction policies in which they impose “appropriate sanctions” against their respective workforce members who fail to comply with the Privacy Rule or Security Rule, the Regulated Entity’s privacy policies and procedures, and/or the Regulated Entity’s security policies and procedures, as applicable. These sanction policies are important administrative safeguards meant to ensure there are objective, documented consequences for HIPAA non-compliance among workforce members. The recent proliferation of social engineering attacks and increasingly sophisticated nature of external cybersecurity threats in health care underscore the importance of Regulated Entities consistently reviewing and applying sanction policies.
Read more
California Continues to Expand Privacy Protections
October 13, 2023 | Blog | By Michael Katz, Cynthia Larose, M. Bertie Magit
Draft Cybersecurity Audit and Risk Assessment Regulations Issued by CPPA
August 29, 2023 | Blog | By Cynthia Larose
SEC Adopts Final Cybersecurity Rules for Public Companies
August 1, 2023 | Blog | By Cynthia Larose, John Condon, Michael Katz, Stefan Jović
The SEC adopted its final rules and amendments concerning cybersecurity risk management, strategy, governance, and incident disclosure (the “Final Rule”) on July 26, 2023. In this article we highlight some of the principal changes to the cybersecurity rules first proposed by the SEC more than 16 months prior.
Read more
OCR and FTC Issue Joint Statement Warning Health Care Providers and App Developers About Use of Third Party Online Tracking Technologies
July 24, 2023 | Blog | By Kathryn Edgerton, Lara Compton, Kate Stewart
Covered entities, business associates, and any entities that collect health information about consumers online should carefully review the latest joint letter from the Office for Civil Rights (OCR) and the Federal Trade Commission (FTC). On July 20, 2023, the agencies sent a joint letter to approximately 130 hospital systems and telehealth providers warning them about “serious privacy and security risks related to the use of online tracking technologies” such ad Google Analytics and Meta/Facebook Pixel. That letter was subsequently shared publicly and should be reviewed by any entity subject to regulation by either agency.
Read more
Texas Has Been Busy Ramping up Privacy Protections with new Comprehensive Data Privacy Law and Stricter Data Breach Notification Requirements
July 10, 2023 | Blog | By Cynthia Larose, Michael Katz, Danielle Barney
The FTC Sets Its Sights on Biometric Information
July 6, 2023 | Blog | By Christopher Buontempo, Cynthia Larose
Explore Other Viewpoints:
- Antitrust
- Appellate
- Arbitration, Mediation & Alternate Dispute Resolution
- Artificial Intelligence
- Awards
- Bankruptcy & Restructuring
- California Land Use
- Class Action
- Complex Commercial Litigation
- Construction
- Consumer Product Safety
- Cross-Border Asset Recovery
- Debt Financing
- Direct Investing (M&A)
- Diversity
- EB-5 Financing
- Education & Nonprofits
- Employment
- Energy & Sustainability
- Environmental Enforcement Defense
- Environmental Law
- FDA Regulatory
- Federal Circuit Appeals
- Financial Institution Litigation
- Government Law
- Growth Equity
- Health Care
- Health Care Compliance, Fraud and Abuse, & Regulatory Counseling
- Health Care Enforcement & Investigations
- Health Care Transactions
- Health Information Privacy & Security
- IP Due Diligence
- IPRs & Other Post Grant Proceedings
- Immigration
- Insolvency & Creditor Rights Litigation
- Institutional Investor Class Action Recovery
- Insurance & Financial Services
- Insurance Consulting & Risk Management
- Insurance and Reinsurance Problem-Solving & Dispute Resolution
- Intellectual Property
- Investment Funds
- Israel
- Licensing & Technology Transactions
- Life Sciences
- Litigation & Investigations
- M&A Litigation
- ML Strategies
- Medicare, Medicaid and Commercial Coverage & Reimbursement
- Mergers & Acquisitions
- Patent Litigation
- Patent Prosecution & Strategic Counseling
- Pharmacy Benefits and PBM Contracting
- Portfolio Companies
- Privacy & Cybersecurity
- Private Client
- Private Equity
- Pro Bono
- Products Liability & Complex Tort
- Projects & Infrastructure
- Public Finance
- Real Estate Litigation
- Real Estate Transactions
- Real Estate, Construction & Infrastructure
- Retail & Consumer Products
- Securities & Capital Markets
- Securities Litigation
- Special Purpose Acquisition Company (SPACs)
- Sports & Entertainment
- Strategic IP Monetization & Licensing
- Tax
- Technology
- Technology, Communications & Media
- Technology, Communications & Media Litigation
- Trade Secrets
- Trademark & Copyright
- Trademark Litigation
- Value-Based Care
- Venture Capital & Emerging Companies
- White Collar Defense & Government Investigations
- Women's Health and Technology