HIPAA / Electronic Health Information

October is Cybersecurity Awareness Month, making it an ideal time to revisit the most impactful and widely-read blog posts on our Cybersecurity & Privacy blog from the past year. As cyber threats become more sophisticated and widespread, staying informed is crucial. Our top five blog posts cover a range of vital issues: the alarming rise

As discussed in our previous blog post, the Cybersecurity and Infrastructure Security Agency (CISA) is proposing a significant new rule to bolster the nation’s cyber defenses through mandatory incident reporting. While designed to enhance CISA’s ability to monitor and respond to cyber threats, the rule has ignited a contentious debate. The concerns raised highlight

The healthcare sector is increasingly facing cyber-threats with ransomware and hacking at the forefront. In the last five years, there has been a staggering 256% rise in significant hacking-related breaches and a 264% surge in ransomware incidents reported to the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR). Hacking alone

The Department of Health & Human Services (HHS) released a concept paper outlining its strategy for improving cybersecurity infrastructure within the healthcare sector. The paper calls for proposing healthcare-specific cybersecurity performance goals that will include both minimum foundational practices and advanced goals for cybersecurity performance. By centralizing these performance goals into the Healthcare and Public

On October 10, 2023, California Gov. Gavin Newsom signed SB 362 into law. The “Delete Act” is a key piece of privacy legislation designed to further protect consumer online privacy rights and place further obligations on data brokers.

The Delete Act heavily amends California’s existing data broker law and seeks to establish a one-stop shop

This summer, a proposed amendment to the Controlled Substances Act known as the Cooper Davis Act (the “act”) is making its way through congressional approvals and causing growing dissension between and among parents, consumer safety advocates, and anti-drug coalitions on one hand, and the DEA, privacy experts, and constitutional scholars on the other.

As currently

Effective July 1, 2023, a new Florida law will limit certain health care providers from storing patient information offshore. CS/CS/SB 264 (Chapter 2023-33, Laws of Florida), amends the Florida Electronic Health Records Exchange Act to require health care providers who use certified electronic health record technology to ensure that patient information is physically maintained

Governor Approves CCPA Amendment to Further Except Healthcare and Research InformationGov. Gavin Newsom recently approved A.B. 713, a bill that creates further CCPA exceptions for healthcare and research information. The bill is especially potent in the COVID-19 era where the need for medical research is greater than ever.

A.B. 713 presents a few notable changes from prior versions of the CCPA. First, the amendment expands

A New Privacy Headache: Virginia’s COVID-19 Workplace Safety Rule is Poised to Impact PrivacyOn July 15, 2020, the state of Virginia adopted the first of its kind COVID-19 workplace safety mandate. Propelled by months of inaction from a federal agency tasked with nationwide enforcement of workplace safety relating to COVID-19, Virginia’s Safety and Health Codes Board adopted an emergency regulation designed to establish requirements for employers to control,

Prepare Now For Sharing of and Access to Electronic Health Information: Cures Act Information Blocking and Interoperability Rules Take Effect June 30, 2020The U.S. Department of Health and Human Services (HHS) issued companion regulations advancing the interoperability of and patient access to electronic health information under the 21st Century Cures Act that will take effect June 30, 2020, with a compliance date of November 2, 2020. Now is the time to learn what the Information Blocking Rule