Regulators in California and Colorado recently announced enforcement sweeps under new and newly updated state privacy laws. Companies in Colorado (including nonprofits) and California should double-check their privacy notices, processes and documentation to comply with these laws, particularly the enforcement priorities identified in the notices. Read more here.
Following in the footsteps of Washington State’s My Health My Data Act, the governors of Nevada and Connecticut recently approved Nevada SB 370 and Connecticut SB 3. These bills impose a number of new requirements on the processing of consumer health data. Nevada SB 370 will go into effect on March 31, 2024, while the consumer health data-related provisions of Connecticut SB 3 that amend the Connecticut Data Privacy Act will take effect on July 1, 2023. Read more here.
Companies are taking a fresh look at their privacy policies in the wake of Dobbs v. Jackson Women's Health Organization. According to this Law360 article, policymakers are putting more pressure on companies to tighten their restrictions on collecting and disclosing personal health and location data. Access the article.
The Illinois Supreme Court recently held that all causes of action brought under the Illinois Biometric Information Privacy Act (BIPA) are subject to a five-year statute of limitations. The Court’s holding is the latest disappointment for Illinois companies defending BIPA actions and means the scourge of BIPA litigation will continue. Read more here.
Unlike the European Union, the United States does not have a federal data privacy law like the General Data Protection Regulation. State attorneys general, however, are cracking down on data breaches at healthcare organizations, according to this For the Record article. Access the article.
On December 1, 2022, the Office for Civil Rights (OCR) at the US Department of Health and Human Services (HHS) issued a Bulletin on the obligations of covered entities and business associates (regulated entities) under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy, Security, and Breach Notification Rules (HIPAA Rules) when using online tracking technologies, such as cookies, web beacons and pixels. The Bulletin aims to provide further clarity on when identifiable information collected by such tracking technologies may also constitute protected health information (PHI) as defined and interpreted under the HIPAA Rules. In such instances, the Bulletin instructs that the technology vendor may be seen as providing a service to the regulated entity that would, in light of the use and disclosure of PHI, create a direct or downstream business associate relationship. Accordingly, the Bulletin states that the regulated entities would...
California, Virginia and Colorado have new privacy laws coming into effect in 2023. But now is the time to start preparing your business or organization for compliance. Throughout the State Law Privacy video series, we examine the different aspects of these laws and provide you the knowledge and tools you need for proper compliance. In the next video of the series, Associate Fran Forte explores one of the notable exemptions under California’s law as it relates to employee data and how employee data is handled under Virginia and Colorado’s privacy laws. Watch here.
In the aftermath of the US Supreme Court's decision to overturn Roe v. Wade, legal experts say health systems and providers must immediately review their operations and prepare for potential enforcement by state prosecutors. According to this article published in Fierce Healthcare, McDermott Partner Stacey Callaghan said organizations should consult with counsel "as soon as possible" to ensure they understand the new post-Roe landscape. Read more here.
The monumental decision by the Supreme Court of the United States in Dobbs v. Jackson Women’s Health Organization to overturn Roe v. Wade presents significant challenges for employers and health plans. According to this Law360 article, employers should begin reviewing state laws, evaluating internal company policies, gauging employee reactions and preparing for legal challenges. McDermott's Sarah Raaii called the Supreme Court's decision "an administrative and potentially employee relations nightmare for employers." "It creates a lot of challenges for employers who just want to do right by their employees and continue offering these abortion benefits that they have historically done in the past," Raaii said. Access the article.
On June 24, 2022, the Supreme Court of the United States issued its decision in Dobbs v. Jackson Women’s Health Organization (Dobbs), overturning Roe v. Wade (Roe) and upending 50 years of precedent protecting a woman's right to privacy in choosing to abort a pregnancy prior to the point of viability. The effect of this decision on US companies cannot be understated. Any organization whose operations touch family planning services in any way (e.g., providers, those that facilitate operations, investors, payors, employers that provide family planning benefits and health plan service providers) should immediately examine their precise services, geographic footprint, corporate structure and organizational priorities. To determine the best steps to take for you and your business, we invite you to join us for the second program in our new webinar series on Wednesday, June 29, at 2:00-3:00 pm EDT with McDermott Partners Stacey Callaghan, David Gacioch and Caroline...
Subscribe
