Consumer advocates on Thursday continued to sound the alarm over the White House’s plans to work with tech companies in building a health data-sharing system.
Health Privacy and HIPAA
Privacy Daily follows regulatory changes to and enforcement of the federal Health Insurance Portability and Accountability Act (HIPAA). The law governs how health care providers, insurers and other covered entities handle protected health information and imposes safeguards to prevent unauthorized access or disclosure. We also track new health privacy laws in the states including the Washington My Health My Data Act and a similar bill passed in New York state. Coverage includes significant HIPAA violations, enforcement actions and trends that shape how health data is collected, shared and secured.
Minnesota's comprehensive privacy law that took effect Thursday uniquely requires companies to allow consumers to question their automated decisions. The law also includes uncommon requirements about material changes to privacy polices and giving lists of third parties to consumers. While companies will also for the first time face requirements such as having to conduct data inventories and appoint chief privacy officers, many of the law's stipulations are already best practices, privacy lawyers told us.
President Donald Trump’s possible health-tracking system with Big Tech companies should increase the urgency for New York Gov. Kathy Hochul (D) to sign a health data privacy bill that passed the state legislature months ago, Assemblymember Linda Rosenthal (D) said in a Wednesday interview with Privacy Daily: “I will bring it to” the governor's office’s “attention today.”
The growing practice of uploading medical reports on generative AI platforms is an "alarming phenomenon" because it risks loss of control over people's sensitive health data and the provision of incorrect information to the public, Italian data protection authority (DPA) Garante said Wednesday.
The Senate should revisit legislation to protect consumers’ health data privacy outside the scope of the Health Insurance Portability and Accountability Act (HIPAA), Sens. Bill Cassidy, R-La., and Jacky Rosen, D-Nev., told us in recent interviews (see 2507090048).
Recent settlements show the vulnerability of companies that hire privacy vendors and think they're in compliance, Frankfurt Kurnit attorneys said during a webinar Thursday. In addition, they noted that states besides California are becoming more active in privacy litigation and enforcement.
Privacy Daily is providing readers with the top stories from last week, in case you missed them. All articles can be found by searching the title or clicking on the hyperlinked reference number.
Healthline apparently violated “the gossip test for sensitive data” when it shared with advertisers titles of articles that individual users were reading, which effectively suggested they had certain medical diagnoses, Cobun Zweifel-Keegan, IAPP managing director for Washington, D.C., posted on the privacy association’s website Friday.
California is “moving quickly” to block the Trump administration from illegally sharing individuals’ sensitive information for immigration enforcement purposes, Attorney General Ron Bonta (D) said Thursday.
California privacy bills related to location, public officials and reproductive health cleared the Senate Judiciary Committee after a lengthy hearing earlier this week, the state legislature’s website showed Thursday.