Companies must understand their websites' tracking technologies and know what data they collect so they can remain compliant. This is especially so within the healthcare sector, said panelists during an IAPP webinar about Health Insurance Portability and Accountability Act (HIPAA) compliance Wednesday.
Health Privacy and HIPAA
Privacy Daily follows regulatory changes to and enforcement of the federal Health Insurance Portability and Accountability Act (HIPAA). The law governs how health care providers, insurers and other covered entities handle protected health information and imposes safeguards to prevent unauthorized access or disclosure. We also track new health privacy laws in the states including the Washington My Health My Data Act and a similar bill passed in New York state. Coverage includes significant HIPAA violations, enforcement actions and trends that shape how health data is collected, shared and secured.
A New York public accounting firm settled with the Department of Health and Human Services for $175,000 over claims it violated the Health Insurance Portability and Accountability Act (HIPAA) Security Rule, the Office for Civil Rights announced Monday following a ransomware attack investigation.
Femtech offers groundbreaking innovations in women's health but also poses serious privacy threats, data protection lawyers said. Even the EU, with its General Data Protection Regulation and AI Act, and the U.K., with its version of the GDPR, may not always provide adequate protection for the highly sensitive personal data that femtech apps collect and use, they added.
The security of patient data shared with the Trump administration’s HealthTech Initiative will depend on participating companies’ existing controls, not regulation, attorneys at Orrick said Friday (see 2508040021).
The federal jury decision earlier this month that Meta violated the California Invasion of Privacy Act (CIPA) illustrates how tracking technologies can pose serious risks if not responsibly deployed, said Ice Miller lawyers in a Monday blog post. The jury in Frasco v. Flo Health, Inc. found the social media platform intentionally eavesdropped on users of the health app Flo Health without consent and received sensitive data on users' menstrual cycles and reproductive health (see 2508040041).
A coalition of cities and other organizations on Friday appealed a June decision that vacated most of a rule that reduced the instances where protected health information can be used or disclosed to investigate a person who sought lawful reproductive health care.
Dental insurance company Healthplex must pay a $2 million penalty for violating the New York State Department of Financial Services' (DFS) cybersecurity regulation, Superintendent Adrienne Harris announced Thursday. A DFS investigation showed Healthplex lacked an adequate data retention policy that would have limited the storage of emails, which resulted in exposure of consumer data during a breach in 2021.
Amid rising regulatory scrutiny over AI-based therapy, Texas Attorney General Ken Paxton (R) opened a probe into Meta, Character.AI and other chatbot platforms “for potentially engaging in deceptive trade practices and misleadingly marketing themselves as mental health tools,” the AG’s office said Monday.
Meta asked a federal court Monday to reverse the verdict or, alternatively, hold a new trial in a case involving allegations that the company shared sensitive health information with third parties without user consent. The social media platform argued "the evidence at trial does not fit plaintiffs’ legal claim."
A federal court granted a preliminary injunction Tuesday blocking the U.S. Department of Health and Human Services (HHS) from using certain states' Medicaid data for immigration enforcement purposes. The block from the U.S. District Court for Northern California comes after a multistate coalition, led by California, filed a lawsuit against HHS for providing individuals' health data to the Department of Homeland Security (DHS) and its Immigration and Customs Enforcement (ICE) agency (see 2507010060).