State attorneys general have relied on a combination of state consumer protection law, state comprehensive privacy law, federal children’s privacy law and multistate letters in cases against privacy violators, according to a new report from the Electronic Privacy Information Center.
Health Privacy and HIPAA
Privacy Daily follows regulatory changes to and enforcement of the federal Health Insurance Portability and Accountability Act (HIPAA). The law governs how health care providers, insurers and other covered entities handle protected health information and imposes safeguards to prevent unauthorized access or disclosure. We also track new health privacy laws in the states including the Washington My Health My Data Act and a similar bill passed in New York state. Coverage includes significant HIPAA violations, enforcement actions and trends that shape how health data is collected, shared and secured.
Companies selling wearable devices should start with privacy by design to better comply with a growing body of privacy laws, said Duane Morris privacy attorney Michelle Donovan during the law firm’s webinar Tuesday.
New York should catch up with many other states and enact comprehensive privacy legislation, officials from the state attorney general’s office told a joint hearing of the Assembly Consumer Affairs and Science committees recorded Tuesday.
Privacy Daily is providing readers with the top stories from last week, in case you missed them. All articles can be found by searching the title or clicking on the hyperlinked reference number.
European privacy professionals remain concerned President Donald Trump could nullify the EU-U.S. Data Privacy Framework (DPF) by reversing former President Joe Biden’s executive order establishing the DPF, said Austrian activist and privacy attorney Max Schrems on Tuesday.
With advancements in AI and wearable technology, privacy concerns about reproductive health data are “at a pivotal intersection of federal and state regulations,” said Troutman lawyers in a blog post. As such, companies with a connection to health care, no matter how tenuous, should assess their data processes and collection policies, they added.
Privacy Daily is providing readers with the top stories from last week, in case you missed them. All articles can be found by searching the title or clicking on the hyperlinked reference number.
A Delaware health care company violated HIPAA rules by publicly sharing patient data without consent, the Health and Human Services Office for Civil Rights announced in a settlement Tuesday.
Gov. Gavin Newsom (D) signed a bill aimed at protecting reproductive health privacy. Previously, the legislature passed AB-45 on Sept. 13. It takes effect Jan. 1.
When carrying out enforcement actions, regulators are looking for companies to be upfront about incidents and willing to work with them to solve issues, said state and federal regulators during a panel at a Practising Law Institute (PLI) cybersecurity conference Monday.