Privacy Attorney

Subscribe to Privacy Attorney
HEAL-Laptop

On May 18, 2023, the Federal Trade Commission (FTC) filed a Notice of Proposed Rulemaking and Request for Public Comment (“NPRM”) seeking to amend the Health Breach Notification Rule (“HBNR”). We previously wrote about the FTC’s policy statement, in which the FTC took the position that mobile health applications that are not covered by the Health Insurance Portability and Accountability Act (“HIPAA”) are covered by the HBNR. In our post, we highlighted concerns raised in dissent by commissioner Noah Joshua Phillips that the FTC’s interpretation of “breach of security” was too broad. Commissioner Phillips has since resigned.

Continue Reading Health Apps and Consumer Privacy Update: Federal Trade Commission Proposes Amendments to the Health Breach Notification Rule

Health-law-Privacy

More than just New Year’s resolutions went into effect when the clock struck midnight on January 1, 2023. The California Privacy Rights Act (“CPRA”) and the Virginia Consumer Data Protection Act (“VCPDA”) are now effective in California and Virginia, respectively. These comprehensive data privacy laws, along with three other state laws going into effect this year, establish new and complex obligations for businesses. If your business has not taken steps to prepare for these privacy laws, it is high time to start that process to avoid violations and enforcement likely to follow later in the year. See below for a timeline of key dates.

Continue Reading 2023 New Year’s Resolution: Effectively Comply with New Comprehensive State Privacy Laws

Health-law-Privacy

On December 1, 2022, the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) published a bulletin warning that commonly used website technologies, including cookies, pixels, and session replay, may result in the impermissible disclosure of Protected Health Information (“PHI”) to third parties in violation of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). The bulletin advises that “[r]egulated entities are not permitted to use tracking technologies in a manner that would result in impermissible disclosures of Protected Health Information (“PHI”) to tracking technology vendors or any other violations of the HIPAA Rules.” The bulletin is issued amidst a wider national and international privacy landscape that is increasingly focused on regulating the collection and use of personal information through web-based technologies and software that may not be readily apparent to the user.

Continue Reading HHS Warns HIPAA Covered Entities and Business Associates That Use of Website Cookies, Pixels, and Other Tracking Technology May Violate HIPAA Rules