Search
On June 22, 2023, the Oregon legislature passed the Oregon Consumer Privacy Act (OCPA) SB 619 with a nearly unanimous vote in the senate. The bill was developed over the last four years by the Attorney General's Consumer Privacy Task Force, created to answer the call for comprehensive consumer...
Earlier this month, the U.S. Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) announced two (2) different settlements, one with a HIPAA business associate for $350,000 and one with a HIPAA-covered entity pursuant to the OCR Right of Access Initiative for $15,000...
On May 11, 2023, Tennessee became the eighth state to join the most recent trend in state legislation when Governor Lee signed the Tennessee Information Protection Act (TIPA) into law. Tennessee follows other states that have recently enacted comprehensive privacy legislation, starting with...
On Wednesday, March 15, Iowa’s House Legislature unanimously voted to approve Senate File 262 (SF 262), a comprehensive data privacy bill that unanimously passed the Senate on March 6. The bill will now move to the Governor’s desk to be signed into law (if the Governor does not sign or veto the bill...
The 2021 calendar year reports from HHS OCR describe OCR’s efforts that calendar year and are instructive tools for all parties who need to comply with HIPAA to understand macro-level trends. What You Need to Know: OCR continues to receive tens of thousands HIPAA complaints each year. “Large”...
Neither shots nor pills will immunize smaller medical, dental, chiropractic, and physical therapy practices, surgery centers, and other healthcare concerns from compliance with the looming (and burdensome) reporting obligations imposed on them if they are “reporting companies” under the federal...
Final regulations published on September 30, 2022 (the “final Regulations”) by the Financial Crimes Enforcement Network (“FinCEN”) of the Department of Treasury under the Corporate Transparency Act (“CTA”) grant business owners a reprieve, but not a pardon, with respect to their looming beneficial...
October was National Cybersecurity Month. As part of its ongoing focus on HIPAA Security Rule awareness and compliance, the Office for Civil Rights (“OCR”) within the Department of Health and Human Services (“HHS”), published its HIPAA Security Rule Incident Procedures newsletter (the “Newsletter”)...
The close of California’s legislative session on August 31 without amending the California Consumer Privacy Act (“CCPA”) means that CCPA will soon apply to personal information that many businesses process concerning their employees, contractors, and applicants. CCPA had been amended in November of...
A spate of lawsuits across the country has targeted companies that use website tracking and analytics tools, claiming they are violating prohibitions against illegal wiretaps. In a recent precedential decision, the Third Circuit weighed in on this issue, suggesting that companies can indeed be...
The California Attorney General began exercising enforcement authority under the CCPA on January 1, 2020. Among the CCPA’s enumerated rights for consumers, the cornerstone of the CCPA, is the right to opt out of the collection of personal information. In Sephora’s case, the Attorney General...
On July 15, 2022, the Office for Civil Rights (OCR) within the U.S. Department of Health and Human Services (HHS) announced the resolution of eleven investigations as part of its Health Insurance Portability and Accountability Act (HIPAA) Right of Access Initiative (the "Initiative"). OCR created...
On June 29, 2022, the U.S. Department of Health and Human Services Office for Civil Rights released two guidance documents addressing (1) disclosures under the HIPAA Privacy Rule relating to reproductive health care (“Disclosure Guidance”), and (2) the privacy and security of reproductive health...