Washington State Privacy Law: My Health, My Data Act

In a groundbreaking move, Washington State has introduced comprehensive privacy laws to protect its residents' health data. The My Health My Data Act (MHMDA) was enacted on April 27, 2023, in response to the Supreme Court's Dobbs decision, which overturned Roe v. Wade.  This pioneering legislation aims to safeguard personal information related to consumer health data and attempts to obtain healthcare services [...]

2023-05-30T07:58:43-04:00May 22nd, 2023|

Iowa Sixth State to Enact Data Privacy Law

The Iowa Data Privacy Law is an important legislation that ensures the protection of individual privacy rights in the state. It regulates how organizations collect, store, and use personal information to Iowa residents, to prevent unauthorized access, disclosure or misuse of such data. The law applies to both private and public entities operating within Iowa’s borders. On March 29, 2023, Governor Kim [...]

2023-05-12T15:37:56-04:00May 11th, 2023|

The Final Countdown: Your CPRA Checklist

In a July post (available here), we discussed a new rush of state data privacy laws that will affect businesses nationwide. In that post, we discussed new laws coming online in California, Colorado, Connecticut, Utah, and Virginia. Of these, the law that is (or should be) on every business’s mind right now is the California Privacy Rights Act or “CPRA”. This law [...]

2023-04-06T13:57:46-04:00December 2nd, 2022|

Planning for 2023: New State Data Privacy Laws Coming Online

On May 10, 2022, Connecticut Governor Ned Lamont signed the Connecticut Data Privacy Act, making Connecticut the fifth state in the nation to pass a comprehensive data privacy law after California, Colorado, Utah, and Virginia. Together, these laws represent a monumental shift in the regulatory landscape for businesses and impose significant and meaningful legal obligations on companies nationwide – regardless of where the company is located. [...]

2023-04-06T13:59:00-04:00July 20th, 2022|

Colorado Privacy Act Becomes Third Comprehensive State Data Privacy Law

The Colorado Privacy Act (CPA) is a comprehensive consumer data privacy law passed in July 2021. The CPA taking effect on July 1, 2023, regulates the personal information of Colorado residents. Details of the Colorado Privacy Act are provided below. Who Is Regulated Under the Colorado Privacy Act? The Colorado Privacy Act regulates certain businesses that the law terms “controllers.” To qualify [...]

2023-04-06T13:59:32-04:00March 24th, 2022|

Utah Consumer Privacy Act Goes to Governor for Signature

The Utah Consumer Privacy Act (UCPA) is legislation unanimously passed in the Utah Legislature. The final version of this Utah privacy law now awaits the signature of Governor Spencer Cox. If, as expected, the Governor signs the legislation by March 24, 2022, Utah will become the fourth state in the nation with a comprehensive consumer privacy law. The details of the Utah Consumer Privacy Act are [...]

2023-04-06T13:59:35-04:00March 14th, 2022|

Virginia Consumer Data Protection Act Expected to Become Law

The Virginia House of Delegates and Senate have passed legislation known as the Virginia Consumer Data Protection Act (CDPA). The personal data act is expected to reach the desk of Virginia Governor Ralph Northam, who may sign the legislation by as early as the end of February of 2021. The CDPA is modeled on the California Consumer Privacy Act (CCPA), California’s expansive consumer data privacy protection law, and [...]

2023-04-06T14:02:02-04:00February 19th, 2021|

Blackbaud Breach Victim Files Lawsuit Under California Healthcare Law

The Blackbaud breach is infamous for the sheer amount of organizations the incident affected. Among hundreds of affected organizations were several in the healthcare industry, compromising the protected health information of more than 11 million patients across the country. One such victim has filed a lawsuit against Rady Children’s Hospital, one of the breached organizations, under California healthcare law. More details on the lawsuit are discussed. [...]

2023-04-06T14:02:15-04:00January 27th, 2021|

HIPAA Workers Compensation Disclosures

The HIPAA Privacy Rule dictates how a healthcare provider may share protected information, or PHI in the workers compensation context. PHI disclosures to the employer and the workers compensation board must be HIPAA compliant. HIPAA workers compensation requirements are discussed below. What is Workers Compensation? Many employers are required, under state law, to purchase and maintain a workers compensation insurance policy (or to self-insure). When [...]

2023-04-06T14:23:14-04:00April 16th, 2020|

New York Law Bans Sale of Patient Information

In October of 2019, New York Governor Andrew Cuomo signed legislation limiting the disclosure or sale of patient information by emergency responders. Specifically, under the New York law, emergency responders (ambulance and first response service providers) may not disclose or sell private patient information to third parties for marketing purposes. What is the Scope of the New York Law? Before passage of this New York law, emergency response providers [...]

2023-04-06T14:23:15-04:00April 14th, 2020|