The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced a $600,000 settlement with California health care network PIH Health, Inc. (PIH) Wednesday over a phishing attack that allegedly exposed electronic protected health information (ePHI) of almost 200,000 individuals.
Though Rhode Island lawmakers seemed in agreement about the importance of protecting data about reproductive health, sexual health, and gender-affirming care, some asked if a comprehensive health bill offering protection of all health data would better serve state residents during a hearing Wednesday in the House Health and Human Services Committee.
Privacy Daily is providing readers with the top stories from last week, in case you missed them. All articles can be found by searching on the title or by clicking on the hyperlinked reference number.
The Connecticut Attorney General recommends that lawmakers bolster the Connecticut Data Privacy Act (CTDPA) by scaling back exemptions, lowering thresholds of applicability, strengthening data minimization provisions, clarifying definitions and increasing protections for minors’ data, it said in a report. In addition, the report, released Thursday, recommends halting targeted advertising to children and teens and selling their personal data.
A Virginia reproductive data privacy law taking effect July 1 covers many companies, poses significant compliance challenges and contains a private right of action, privacy attorneys warned last week. In addition, while many believe Virginia has one of the more business-friendly comprehensive privacy laws, the purple state’s narrower new law requires a higher consent standard than blue Washington state’s My Health My Data Act (MHMDA), they said.
“Sports teams must navigate a complex network of privacy laws that govern athlete health data," Orrick attorneys blogged Wednesday.
23andMe is seeking the appointment of a “customer data representative” to assess the company’s handling of user data in its bankruptcy sale, company attorneys told the U.S. Bankruptcy Court for the Eastern District of Missouri in filings this week.
Don't preempt state privacy laws, the California Privacy Protection Agency (CPPA) and New Jersey Attorney General Matthew Platkin (D) argued in comments to House Commerce Committee Republicans Monday as the lawmakers worked on drafting privacy legislation (see 2504070065).
Businesses covered by a recently signed Virginia reproductive health privacy bill “will need to implement substantially the same compliance measures in Virginia that they have put in place in Washington State to comply with the My Health, My Data Act,” Hintze privacy lawyers blogged Wednesday.
Privacy Daily is providing readers with the top stories from last week, in case you missed them. All articles can be found by searching on the title or by clicking on the hyperlinked reference number.