Organizations outside of health care may feel less comfortable complying with a new Colorado law than entities already covered by the Health Insurance Portability and Accountability Act (HIPAA), Aleksandra Vold, a BakerHostetler health privacy attorney, told Privacy Daily.
Health Privacy and HIPAA
Privacy Daily follows regulatory changes to and enforcement of the federal Health Insurance Portability and Accountability Act (HIPAA). The law governs how health care providers, insurers and other covered entities handle protected health information and imposes safeguards to prevent unauthorized access or disclosure. We also track new health privacy laws in the states including the Washington My Health My Data Act and a similar bill passed in New York state. Coverage includes significant HIPAA violations, enforcement actions and trends that shape how health data is collected, shared and secured.
A breach at an Ohio firm that helps patients obtain physician-certified medical marijuana cards may have exposed the sensitive information of more than 900,000 of its customers, a law firm investigating the incident said Tuesday.
Software marketing firm Cierant Corporation failed to safeguard customers' personally identifiable information (PII) and protected health information (PHI), which allowed their exposure in a 2024 breach, alleged a class-action lawsuit filed Thursday. Plaintiff Melissa Gifford brought the suit in the U.S. District Court for Connecticut on behalf of her minor child, whose health information was leaked.
Companies must understand their websites' tracking technologies and know what data they collect so they can remain compliant. This is especially so within the healthcare sector, said panelists during an IAPP webinar about Health Insurance Portability and Accountability Act (HIPAA) compliance Wednesday.
A New York public accounting firm settled with the Department of Health and Human Services for $175,000 over claims it violated the Health Insurance Portability and Accountability Act (HIPAA) Security Rule, the Office for Civil Rights announced Monday following a ransomware attack investigation.
Femtech offers groundbreaking innovations in women's health but also poses serious privacy threats, data protection lawyers said. Even the EU, with its General Data Protection Regulation and AI Act, and the U.K., with its version of the GDPR, may not always provide adequate protection for the highly sensitive personal data that femtech apps collect and use, they added.
The security of patient data shared with the Trump administration’s HealthTech Initiative will depend on participating companies’ existing controls, not regulation, attorneys at Orrick said Friday (see 2508040021).
The federal jury decision earlier this month that Meta violated the California Invasion of Privacy Act (CIPA) illustrates how tracking technologies can pose serious risks if not responsibly deployed, said Ice Miller lawyers in a Monday blog post. The jury in Frasco v. Flo Health, Inc. found the social media platform intentionally eavesdropped on users of the health app Flo Health without consent and received sensitive data on users' menstrual cycles and reproductive health (see 2508040041).
A coalition of cities and other organizations on Friday appealed a June decision that vacated most of a rule that reduced the instances where protected health information can be used or disclosed to investigate a person who sought lawful reproductive health care.
Dental insurance company Healthplex must pay a $2 million penalty for violating the New York State Department of Financial Services' (DFS) cybersecurity regulation, Superintendent Adrienne Harris announced Thursday. A DFS investigation showed Healthplex lacked an adequate data retention policy that would have limited the storage of emails, which resulted in exposure of consumer data during a breach in 2021.