While there were significant implications for compliance when a federal court in June vacated most of the Health Insurance Portability and Accountability Act's Privacy Rule to Support Reproductive Health Care Privacy (see 2506200057), HIPAA-regulated entities shouldn't rush to remove all reproductive health-related policies, said Robinson + Cole lawyers in a Monday blog post.
Health Privacy and HIPAA
Privacy Daily follows regulatory changes to and enforcement of the federal Health Insurance Portability and Accountability Act (HIPAA). The law governs how health care providers, insurers and other covered entities handle protected health information and imposes safeguards to prevent unauthorized access or disclosure. We also track new health privacy laws in the states including the Washington My Health My Data Act and a similar bill passed in New York state. Coverage includes significant HIPAA violations, enforcement actions and trends that shape how health data is collected, shared and secured.
Privacy Daily is providing readers with the top stories from last week, in case you missed them. All articles can be found by searching the title or clicking on the hyperlinked reference number.
People are increasingly using general-purpose AI chatbots like ChatGPT for emotional and mental health support, but many don’t realize that regulations like the Health Insurance Portability and Accountability Act (HIPAA) fail to cover these sensitive conversations, a Duke University paper published last month found. Industry self-regulation seems unlikely to solve the issue, which may disproportionately affect vulnerable populations, said Pardis Emami-Naeini, a computer science professor at Duke and one of the report’s authors.
As privacy litigation under older laws has exploded, some have called for amending decades-old statutes often at the center of lawsuits so that they aren't applied to modern technologies. The California Invasion of Privacy Act (CIPA) in particular has been subject to more scrutiny as litigation has increased (see 2503030050).
A common misconception is that all health and medical data is subject to the Health Insurance Portability and Accountability Act (HIPAA), though the consequences for mistakes could be severe.
New York Assemblymember Alex Bores (D) expects his AI safety bill, the Responsible AI Safety and Education (RAISE) Act, could be revised through the chapter-amendment process, the legislator told Privacy Daily on Wednesday. “We’re open to amendments that … strengthen or clarify the bill.”
Privacy Daily is providing readers with the top stories from last week, in case you missed them. All articles can be found by searching the title or clicking on the hyperlinked reference number.
Though the White House’s plans to collaborate with tech companies in building a health data-sharing system could ultimately result in a beneficial network, its current lack of clarity and transparency about data protections is concerning, consumer advocates said.
The Senate Privacy Subcommittee is focused on the Judiciary Committee’s jurisdiction over privacy legislation, but expect collaboration with the Senate Commerce Committee, Sen. Marsha Blackburn, R-Tenn., told us Thursday. Other senators offered views on the White House's plans to work with tech companies to build a healthcare data-sharing system (see 2507310067).
So far in 2025, state lawmakers and regulators have focused on data related to health, children, geolocation and biometrics, said Sidley privacy attorneys Colleen Theresa Brown, Sheri Porath Rockwell and Sasha Hondagneu-Messner in a blog post Thursday.