The Illinois Supreme Court recently held that all causes of action brought under the Illinois Biometric Information Privacy Act (BIPA) are subject to a five-year statute of limitations. The Court’s holding is the latest disappointment for Illinois companies defending BIPA actions and means the scourge of BIPA litigation will continue.
HIPAA Challenges: State AGs Crack Down on Data Privacy
Unlike the European Union, the United States does not have a federal data privacy law like the General Data Protection Regulation. State attorneys general, however, are cracking down on data breaches at healthcare organizations, according to this For the Record article.
HHS Issues Guidance on Requirements Under HIPAA for Online Tracking Technologies, Addressing Privacy and Security Concerns Related to Health Information
On December 1, 2022, the Office for Civil Rights (OCR) at the US Department of Health and Human Services (HHS) issued a Bulletin on the obligations of covered entities and business associates (regulated entities) under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy, Security, and Breach Notification Rules (HIPAA Rules) when using online tracking technologies, such as cookies, web beacons and pixels. The Bulletin aims to provide further clarity on when identifiable information collected by such tracking technologies may also constitute protected health information (PHI) as defined and interpreted under the HIPAA Rules. In such instances, the Bulletin instructs that the technology vendor may be seen as providing a service to the regulated entity that would, in light of the use and disclosure of PHI, create a direct or downstream business associate relationship. Accordingly, the Bulletin states that the regulated entities would need to enter into a business associate agreement (BAA) with the vendor of the technology (and the vendor would, in turn, become a regulated entity) and meet other requirements under the HIPAA Rules. The Bulletin provides long-awaited guidance to help regulated entities review their positions and procedures concerning tracking technologies to ensure that the trackers they implement either do not collect PHI or meet the prerequisites outlined in the Bulletin.
State Law Privacy Video Series | Employee Exemptions
California, Virginia and Colorado have new privacy laws coming into effect in 2023. But now is the time to start preparing your business or organization for compliance. Throughout the State Law Privacy video series, we examine the different aspects of these laws and provide you the knowledge and tools you need for proper compliance.
In the next video of the series, Associate Fran Forte explores one of the notable exemptions under California’s law as it relates to employee data and how employee data is handled under Virginia and Colorado’s privacy laws.
Conflicting State Laws and ‘Unpredictable’ Enforcement Await Providers in Post-Roe America
In the aftermath of the US Supreme Court’s decision to overturn Roe v. Wade, legal experts say health systems and providers must immediately review their operations and prepare for potential enforcement by state prosecutors. According to this article published in Fierce Healthcare, McDermott Partner Stacey Callaghan said organizations should consult with counsel “as soon as possible” to ensure they understand the new post-Roe landscape.
What Employers Should Do Now That Roe Has Fallen
The monumental decision by the Supreme Court of the United States in Dobbs v. Jackson Women’s Health Organization to overturn Roe v. Wade presents significant challenges for employers and health plans. According to this Law360 article, employers should begin reviewing state laws, evaluating internal company policies, gauging employee reactions and preparing for legal challenges. McDermott’s Sarah Raaii called the Supreme Court’s decision “an administrative and potentially employee relations nightmare for employers.”
“It creates a lot of challenges for employers who just want to do right by their employees and continue offering these abortion benefits that they have historically done in the past,” Raaii said.
The Overturning of Roe v. Wade
On June 24, 2022, the Supreme Court of the United States issued its decision in Dobbs v. Jackson Women’s Health Organization (Dobbs), overturning Roe v. Wade (Roe) and upending 50 years of precedent protecting a woman’s right to privacy in choosing to abort a pregnancy prior to the point of viability.
The effect of this decision on US companies cannot be understated. Any organization whose operations touch family planning services in any way (e.g., providers, those that facilitate operations, investors, payors, employers that provide family planning benefits and health plan service providers) should immediately examine their precise services, geographic footprint, corporate structure and organizational priorities.
To determine the best steps to take for you and your business, we invite you to join us for the second program in our new webinar series on Wednesday, June 29, at 2:00-3:00 pm EDT with McDermott Partners Stacey Callaghan, David Gacioch and Caroline Reignley and Associate Sarah Raaii, who will analyze and share the latest developments around the reversal of Roe and its likely impacts on US companies.
When Are Cryptocurrencies Appropriate Investments for Retirement Plans and IRAs?
The US Department of Labor (DOL) recently issued guidance for the first time on the investment of retirement plan assets in cryptocurrencies. Compliance Assistance Release No. 2022-01 cautions 401(k) plan fiduciaries to “exercise extreme care” before allowing participants to invest plan assets in cryptocurrencies because cryptocurrencies “present significant risks and challenges to participants’ retirement accounts, including significant risks of fraud, theft, and loss.” In this Intellectual Property & Technology Law Journal article, McDermott Partners Andrea S. Kramer and Brian J. Tiemann outline what retirement plan fiduciaries need to know about cryptocurrency investments in the current market.
The Challenges and Opportunities of Hybrid Work
What are some of the challenges and opportunities of hybrid work arrangements? In this Lexology GTDT Market Intelligence article, McDermott Partner Carole Spink offers insight about tracking remote work, navigating local rules, and protecting confidential and propriety information.
Illinois Supreme Court Eliminates Defense to Biometric Privacy Class Actions
Illinois’ Biometric Information Privacy Act (BIPA) has spawned a tsunami of class actions against employers who utilize biometric timekeeping or security systems. Now, the Illinois Supreme Court in McDonald v. Symphony Bronzeville Park, LLC has eliminated a defense invoked by employers facing claims under BIPA: the exclusivity of workers’ compensation.