Colorado Privacy Act Becomes Third Comprehensive State Data Privacy Law

The Colorado Privacy Act (CPA) is a comprehensive consumer data privacy law passed in July 2021. The CPA taking effect on July 1, 2023, regulates the personal information of Colorado residents. Details of the Colorado Privacy Act are provided below. Who Is Regulated Under the Colorado Privacy Act? The Colorado Privacy Act regulates certain businesses that the law terms “controllers.” To qualify [...]

2022-05-06T17:03:31-04:00March 24th, 2022|

Utah Consumer Privacy Act Goes to Governor for Signature

The Utah Consumer Privacy Act (UCPA) is legislation unanimously passed in the Utah Legislature. The final version of this Utah privacy law now awaits the signature of Governor Spencer Cox. If, as expected, the Governor signs the legislation by March 24, 2022, Utah will become the fourth state in the nation with a comprehensive consumer privacy law. The details of the Utah Consumer Privacy Act are [...]

2022-05-06T17:03:32-04:00March 14th, 2022|

Virginia Consumer Data Protection Act Expected to Become Law

The Virginia House of Delegates and Senate have passed legislation known as the Virginia Consumer Data Protection Act (CDPA). The personal data act is expected to reach the desk of Virginia Governor Ralph Northam, who may sign the legislation by as early as the end of February of 2021. The CDPA is modeled on the California Consumer Privacy Act (CCPA), California’s expansive consumer data privacy protection law, and [...]

2021-03-08T11:16:07-05:00February 19th, 2021|

Blackbaud Breach Victim Files Lawsuit Under California Healthcare Law

The Blackbaud breach is infamous for the sheer amount of organizations the incident affected. Among hundreds of affected organizations were several in the healthcare industry, compromising the protected health information of more than 11 million patients across the country. One such victim has filed a lawsuit against Rady Children’s Hospital, one of the breached organizations, under California healthcare law. More details on the lawsuit are discussed. [...]

2022-05-06T14:44:09-04:00January 27th, 2021|

HIPAA Workers Compensation Disclosures

The HIPAA Privacy Rule dictates how a healthcare provider may share protected information, or PHI in the workers compensation context. PHI disclosures to the employer and the workers compensation board must be HIPAA compliant. HIPAA workers compensation requirements are discussed below. What is Workers Compensation? Many employers are required, under state law, to purchase and maintain a workers compensation insurance policy (or to self-insure). When [...]

2020-11-20T15:57:55-05:00April 16th, 2020|

New York Law Bans Sale of Patient Information

In October of 2019, New York Governor Andrew Cuomo signed legislation limiting the disclosure or sale of patient information by emergency responders. Specifically, under the New York law, emergency responders (ambulance and first response service providers) may not disclose or sell private patient information to third parties for marketing purposes. What is the Scope of the New York Law? Before passage of this New York law, emergency response providers [...]

2020-11-16T17:01:55-05:00April 14th, 2020|

The Amended Maryland Personal Information Protection Act (MPIPA)

The Maryland Personal Information Protection Act, known as MPIPA, was amended in April of 2019, by House Bill (HB) 1154. The amended law went into effect on October 1st of 2019. Prior to the amendments, the law required (1) businesses that owned and licensed computerized data that includes personal information of Maryland residents, as well as (2) businesses that maintained (but did not own or license) such data, [...]

2021-08-02T16:55:55-04:00February 25th, 2020|

The CCPA HIPAA Exemption

The California Consumer Privacy Act (CCPA) went into effect on January 1, 2020. This law increases privacy protections for California residents. However, larger organizations, with more than $25 million in gross annual revenue or organizations with information on 50,000 consumers, may be subject to a HIPAA exemption, meaning they may not be subject to the requirements of the CCPA. The CCPA HIPAA exemption is discussed [...]

2021-03-24T13:17:50-04:00February 19th, 2020|

HIPAA Enforcement

There are significant consequences for breaking the HIPAA laws. The HIPAA Rule is enforced through several methods.  The most common method of HIPAA enforcement is actions of the Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR). State attorneys general may also conduct HIPAA enforcement. How Does HIPAA Enforcement Work? HIPAA enforcement takes place on both the federal government and [...]

2021-07-30T16:23:15-04:00December 17th, 2019|

Nevada Consumer Privacy Law Allows for Opt-Out of Sale of Covered Information

In May of 2019, the Governor of Nevada approved Senate Bill 220 (SB 220), an updated Nevada consumer privacy law. This legislation, which becomes effective on October 1, 2019, strengthens existing Nevada consumer privacy protections. It does so by making it easier for consumers to opt-out of the sale, by operators of websites, of certain personal information. How is Online Privacy Protected Under Current Nevada [...]

2021-02-01T15:54:24-05:00August 19th, 2019|