National Institute of Standards and Technology

Subscribe to National Institute of Standards and Technology

Patchwork of State Data Privacy Laws Adds Three New Patches

By Alaap B. Shah, Audrey Davis, Christopher (Chris) D. Taylor & Stuart M. Gerson on May 25, 2023

Posted in Cyber Security, Privacy and Security, Privacy and Security Law

In the absence of a comprehensive federal data privacy law, state legislators continue to add to the often-contradictory array of laws aimed at protecting the security and privacy of their residents’ data. Very recently, Washington State’s My Health My Data Act was signed into law by Governor Jay Inslee in late April, Florida lawmakers passed Senate Bill 262 in early May, and the Tennessee Information Protection Act was signed into law earlier this month as well. While preparing this update, Montana’s enacted its Consumer Data Privacy Act on May 19^th, which we will address in subsequent guidance due to its recency. These newly enacted state laws build upon the growing patchwork of laws enacted in California, Connecticut, Colorado, Virginia, and Utah, all of which we previously discussed here and here. Yet, among these state laws there is significant variety, including inconsistencies as to whether the laws allow for private rights of action, and whether the laws provide affirmative defenses and other incentives based on compliance with relevant best practices.…

Continue Reading Patchwork of State Data Privacy Laws Adds Three New Patches

FDA Embraces Role in Managing Medical Device Cybersecurity Risk by Issuing New Guidance

By Brian Hedgeman & Alaap B. Shah on January 25, 2019

Posted in FDA, Medical Device, Privacy and Security Law

stethoscope_lock_computer_cyber_security_data_medicine_medical_shutterstock_302410691_1280x720

On October 18, 2018, the FDA published Content of Premarket Submissions for Management of Cybersecurity in Medical Devices. This guidance outlined recommendations for cybersecurity device design and labeling as well as important documents that should be included in premarket approval submissions. This guidance comes at a critical time as the healthcare industry is a…

NIST Seeks Comments on Cybersecurity Standards For Patient Imaging Devices

By Epstein Becker Green on May 17, 2018

Posted in HEAL®: Health Employment and Labor

Our colleague Stuart M. Gerson at Epstein Becker Green has a post on the Health Law Advisor blog that will be of interest to our readers in the health care industry: “NIST Seeks Comments on Cybersecurity Standards For Patient Imaging Devices.”

Following is an excerpt:

The National Institute of Standards and Technology (“NIST)…

NIST Seeks Comments on Cybersecurity Standards for Patient Imaging Devices

By Stuart M. Gerson on May 16, 2018

Posted in Health Information Technology, Privacy and Security Law

The National Institute of Standards and Technology (“NIST) has announced that it will be seeking industry input on developing “use cases” for its framework of cybersecurity standards related to patient imaging devices. NIST, a component of the Department of Commerce, is the agency assigned to the development and promulgation of policies, guidelines and regulations dealing…

Compliance Enforcement Pressure is Increasing for Directors

By Stuart M. Gerson on April 28, 2017

Posted in False Claims Act

Both the Department of Justice and the Department of Health and Human Services Inspector General have long urged (and in many cases, mandated through settlements that include Corporate Integrity Agreements and through court judgments) that health care organizations have “top-down” compliance programs with vigorous board of directors implementation and oversight. Governmental reach only increased with…

Menu

Health Law Advisor

Including HEAL®: Health Employment and Labor