Health Insurance Portability and Accountability Act (HIPAA)
-
January 6, 2025
It’s That Time of Decade: HHS Proposes Long-Awaited Updates to the HIPAA Security Rule
On December 27, 2024, the U.S. Department of Health and Human Services (HHS) proposed significant amendments to the Health Insurance Portability and Accountability Act (HIPAA) Security Rule, aiming to bolster cybersecurity requirements for covered entities and business...
Marci Rozen, Jon Frankel, Mason Weisz, Anna Hsia
-
October 14, 2024
Is GIPA the New BIPA? Illinois’ Other Personal Privacy Law
Even if you’re familiar with Illinois’ Biometric Information Privacy Act (BIPA), you may not be familiar with its less (in)famous cousin, the Genetic Information Privacy Act (GIPA). But GIPA litigation presents an increasing risk to employers, insurers,...
Michael Bleicher, Jeff Landis
-
May 12, 2023
Washington’s “My Health, My Data” Act Prescribes Restrictive Health Data Rules
Enacted on April 27, 2023, Washington’s “My Health, My Data” Act (the “Act”) creates significant compliance obligations for companies processing data in its scope. The expansive reach of the Act, coupled with a private right of action...
Hannah Schaller, Melissa Maalouf, Anna Hsia
-
February 2, 2023
FTC Sends Strong Warning Against Online Tracking and Advertising Using Health Data
On February 1, 2023, the FTC announced an enforcement action against GoodRx for unlawfully disclosing users’ health information through the use of third-party tracking technologies, sending a strong warning to the online health industry against tracking health-related...
Anna Hsia, Hannah Schaller, Melissa Maalouf
-
February 16, 2021
Fifth Circuit Narrowly Interprets HIPAA Encryption and Disclosure Rules
The U.S. Court of Appeals for the Fifth Circuit has vacated a $4.3 million civil monetary penalty that the Department of Health and Human Services levied against a covered entity in 2017, finding the fine was arbitrary,...
Hannah Schaller, Jason Wool
-
January 28, 2021
Proposed HIPAA Changes for Business Associates
Photo credit: Denys Prykhodov – stock.adobe.com. The Department of Health and Human Services (HHS) issued a Notice of Proposed Rulemaking (NPRM) on December 10, 2020, proposing changes to the HIPAA Privacy Rule. In this post, we focus on...
Hannah Schaller, Jason Wool
-
May 31, 2019
10 Ways a Business Associate Can Trigger HIPAA Enforcement
The Department of Health and Human Services (“HHS”) may have signaled its interest in pursuing more enforcement actions against business associates. On May 24, 2019, the HHS Office for Civil Rights (“OCR”), released a fact sheet on the...
Michelle Anderson, Devron Brown
-
May 6, 2019
HHS Announces Reduced Annual Limits on Civil Money Penalties for Most HIPAA Violations
The Department of Health and Human Services (“HHS”) recently issued a Notification of Enforcement Discretion Regarding HIPAA Civil Money Penalties (“CMPs”) in which it lowered the maximum annual fines that can be assessed against covered entities and...
Michelle Anderson, Jason Wool
-
September 20, 2018
CCPA Update: Amendments Head to Governor’s Desk; Money Allocated for Regulations
Note: SB 1121 was signed into law on September 23, 2018. On August 31, 2018, the California legislature unanimously passed a bill, SB 1121, amending the California Consumer Privacy Act (“CCPA”). While the bill does...
Marci Rozen
-
October 27, 2016
HIPAA and the Cloud: HHS Issues Guidance on PHI and Cloud Computing
The Department of Health and Human Services recently issued some much-needed guidance on how HIPAA applies when protected health information (“PHI”) is stored in the cloud. Some key highlights are below. Cloud providers that store...
Anna Hsia
