Privacy Daily is providing readers with our top 20 most read stories published in 2025. All articles can be found by searching the titles or clicking on the hyperlinked reference numbers.
Health Privacy and HIPAA
Privacy Daily follows regulatory changes to and enforcement of the federal Health Insurance Portability and Accountability Act (HIPAA). The law governs how health care providers, insurers and other covered entities handle protected health information and imposes safeguards to prevent unauthorized access or disclosure. We also track new health privacy laws in the states including the Washington My Health My Data Act and a similar bill passed in New York state. Coverage includes significant HIPAA violations, enforcement actions and trends that shape how health data is collected, shared and secured.
Despite stricter court rulings and limits on the use of older statutes to regulate newer technologies, 2025's increase in privacy litigation, especially around tracking technologies, looks set to continue into 2026, said privacy lawyers in interviews. Additionally, the potential for lawmakers clarifying the California Invasion of Privacy Act (CIPA) could push litigators to bring cases at even faster rates this year as they hope to file before an amendment becomes effective, one lawyer said.
Health care providers should update their HIPAA-related Notice of Privacy Practices by Feb. 16 to comply with new rules related to substance use disorder records, Holland & Hart said in a post Tuesday (see 2512100062).
The 23andMe bankruptcy earlier this year showed that U.S. policymakers must “close the governance cracks” around genetic data privacy, academics from the Georgetown University McCourt School of Public Policy said in a Tech Policy Press op-ed Tuesday. “The inherently sensitive and identifying nature of genomic data is currently at the mercy of a weak regulatory framework.”
Efforts continue to pass a New Mexico comprehensive privacy bill that includes a private right of action, but logistical issues in the legislature could prevent the measure from getting a hearing in 2026, supporters said.
New York state will require warning labels on social networks detailing their mental health risks. Gov. Kathy Hochul (D) late Friday signed S-4505, which passed the legislature in June (see 2506180004).
New York Gov. Kathy Hochul (D) on Friday evening signed comprehensive AI legislation with chapter amendments she negotiated with bill sponsors, as expected (see 2512190016, 2511170054 and 2512100008).
Friday night’s veto of a New York health data privacy bill might not be the end of the story. S-929 sponsor Sen. Liz Krueger (D) “is planning to reintroduce this bill or something similar next session,” a spokesperson told Privacy Daily on Monday. In addition, the New York Civil Liberties Union (NYCLU) plans to work with S-929's sponsors to “try again next year,” Allie Bohm, senior policy counsel, emailed us.
A bill that would add carveouts to New Jersey’s comprehensive privacy law is nearing the finish line. The Senate voted 38-0 on Thursday to pass A-5017, which would exempt insurance-support organizations and national securities associations from certain disclosure requirements in the New Jersey Data Protection Act, which already exempted insurance institutions.
New York Gov. Kathy Hochul (D) vetoed a controversial state health data privacy bill (S-929) on Friday, an aide to Assembly sponsor Linda Rosenthal (D) told us.