Colorado Privacy Update Requires Health Care Compliance by Sept. 1, Lawyers Warn
To comply with a new Colorado privacy law (SB 25-276), health care providers should start “reviewing and updating their policies and procedures regarding the collection and disclosure of immigration-related information,” Husch Blackwell health care lawyer Nick Healey and two colleagues blogged Tuesday.
Sign up for a free preview to unlock the rest of this article
Privacy Daily provides accurate coverage of newsworthy developments in data protection legislation, regulation, litigation, and enforcement for privacy professionals responsible for ensuring effective organizational data privacy compliance.
Also, health care providers should “train staff on the new requirements and procedures, and monitor for any further regulatory guidance or clarifications from the state,” said the lawyers. The law “directly impacts” health care “facilities operated by a political subdivision or [that] receive any state funding,” they added.
The Colorado law requires compliance by Sept. 1. “Noncompliance may result in significant civil penalties, and violations are considered to cause irreparable harm.”
Enacted in May, the law amends the Colorado Privacy Act (CPA), adding precise geolocation data to the definition of sensitive data and prohibiting controllers from selling consumers’ sensitive data without opt-in consent (see 2505050043).