As more and more states are enacting privacy laws, organizations in the health care industry may be wondering what the impact these laws will have on them. At this point, there are privacy laws in 12 states, with one more (Delaware) likely to be signed by the governor soon. Those laws are in California, Colorado, Connecticut, Florida, Indiana, Iowa, Montana, Oregon, Tennessee, Texas, Utah, and Virginia. (There is also a new law in Delaware currently pending the governor’s signature). Not all are in effect. Only the laws in California, Connecticut, Colorado and Virginia are effective. The others will go into effect between December of this year and 2026, as follows:Continue Reading State Privacy Law Roundup: What Health Care Companies Need to Know
Julia Kadish
Julia Kadish is a partner in the Intellectual Property Practice Group in the firm's Chicago office and a member of the Privacy and Cybersecurity Team.
Washington State Enacts Landmark Privacy Law Aimed at Digital Health Industry
On April 27, 2023, the state of Washington enacted a landmark privacy law aimed at protecting the privacy of health data not covered by HIPAA. This law, named the “My Health My Data Act,” covers a very wide range of entities, consumers, and data. It also contains a private right of action. Companies should soon begin evaluating the scope of this law and its requirements before it comes into effect March 31, 2024 (for “small businesses,” June 30, 2024).Continue Reading Washington State Enacts Landmark Privacy Law Aimed at Digital Health Industry
OCR Releases Guidance on Use of Tracking Technologies
Most companies operating websites and mobile apps use some form of tracking technologies on these digital properties. While these types of technologies have been used for some time and serve a variety of purposes, the use of them by organizations regulated by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) has garnered more recent attention within the past year. In the wake of recent public concerns, the Office of Civil Rights (OCR) at HHS recently released guidance on the use of these tools by HIPAA-regulated entities. OCR’s guidance distinguishes between tracking on authenticated and unauthenticated websites and on mobile apps. We summarize this guidance below.Continue Reading OCR Releases Guidance on Use of Tracking Technologies
Digital Health in the Metaverse: Three Legal Considerations
The metaverse has been described as the “next frontier” and the “new era” of healthcare. Although still a loosely defined and relatively broad term, the “metaverse” generally refers to a shared virtual environment accessed by individuals via the Internet. Individuals generally enter the metaverse through the following four technologies: virtual reality, augmented reality, mixed reality and extended reality. Continue Reading Digital Health in the Metaverse: Three Legal Considerations
Top 5 Legal Issues in Digital Health to Watch for in 2022
The digital health sector has seen tremendous growth and innovation over the past few years. This momentum introduces new complexities within the legal and regulatory landscape that is trying to…
Continue Reading Top 5 Legal Issues in Digital Health to Watch for in 2022
What Virginia’s New Privacy Law Means for Organizations in the Healthcare Industry
Virginia is now the second state, after California, to pass a comprehensive privacy law. The Consumer Data Protection Act (“CDPA”) will come into effect January 1, 2023 (the same time as the modification to California’s Consumer Privacy Act (“CCPA”), i.e., the California Privacy Rights Act (“CPRA”)). While CDPA has fairly broad exemptions for entities regulated by other laws, such as HIPAA, there is also a new “opt-in” requirement for collecting “sensitive data.”
Continue Reading What Virginia’s New Privacy Law Means for Organizations in the Healthcare Industry