Health Law Advisor

In the absence of a comprehensive federal data privacy law, state legislators continue to add to the often-contradictory array of laws aimed at protecting the security and privacy of their residents’ data. Very recently, Washington State’s My Health My Data Act was signed into law by Governor Jay Inslee in late April, Florida lawmakers passed Senate Bill 262 in early May, and the Tennessee Information Protection Act was signed into law earlier this month as well. While preparing this update, Montana’s enacted its Consumer Data Privacy Act on May 19^th, which we will address in subsequent guidance due to its recency. These newly enacted state laws build upon the growing patchwork of laws enacted in California, Connecticut, Colorado, Virginia, and Utah, all of which we previously discussed here and here. Yet, among these state laws there is significant variety, including inconsistencies as to whether the laws allow for private rights of action, and whether the laws provide affirmative defenses and other incentives based on compliance with relevant best practices.

More than just New Year’s resolutions went into effect when the clock struck midnight on January 1, 2023. The California Privacy Rights Act (“CPRA”) and the Virginia Consumer Data Protection Act (“VCPDA”) are now effective in California and Virginia, respectively. These comprehensive data privacy laws, along with three other state laws going into effect this year, establish new and complex obligations for businesses. If your business has not taken steps to prepare for these privacy laws, it is high time to start that process to avoid violations and enforcement likely to follow later in the year. See below for a timeline of key dates.

After July 1, 2017, optometrists and ophthalmologists ("Ophthalmic Providers") in Virginia will be able to practice through telehealth. Va. Code § 54.1-2400.01:2 permits Ophthalmic Providers to establish a bona fide provider-patient relationship "by an examination through face-to-face interactive, two-way, real-time communication" or through "store-and-forward technologies." Licensed Ophthalmic Providers may establish a provider-patient relationship so long as the provider conforms to the in-person standard of care.  To the extent that an Ophthalmic Provider ...

On October 26, 2015, the Federal Trade Commission ("FTC") and the Antitrust Division of the U.S. Department of Justice ("DOJ") (collectively the "Agencies") issued a joint statement to the Virginia Certificate of Public Need ("COPN") Work Group encouraging the Work Group and the Virginia General Assembly to repeal or restrict the state's certificate of need process.  The Virginia COPN Work Group was tasked by the Virginia General Assembly to review the current COPN process and recommend any changes that should be made to it.

Thirty-six states currently maintain some form of ...