New York Law Bans Sale of Patient Information

In October of 2019, New York Governor Andrew Cuomo signed legislation limiting the disclosure or sale of patient information by emergency responders. Specifically, under the New York law, emergency responders (ambulance and first response service providers) may not disclose or sell private patient information to third parties for marketing purposes. What is the Scope of the New York Law? Before passage of this New York law, emergency response [...]

2023-08-01T10:27:55-04:00April 14th, 2020|

The Amended Maryland Personal Information Protection Act (MPIPA)

The Maryland Personal Information Protection Act, known as MPIPA, was amended in April of 2019, by House Bill (HB) 1154. The amended law went into effect on October 1st of 2019. Prior to the amendments, the law required (1) businesses that owned and licensed computerized data that includes personal information of Maryland residents, as well as (2) businesses that maintained (but did not own or license) such data, [...]

2023-08-01T11:30:20-04:00February 25th, 2020|

The CCPA HIPAA Exemption

The California Consumer Privacy Act (CCPA) went into effect on January 1, 2020. This law increases privacy protections for California residents. However, larger organizations, with more than $25 million in gross annual revenue or organizations with information on 50,000 consumers, may be subject to a HIPAA exemption, meaning they may not be subject to the requirements of the CCPA. The CCPA HIPAA exemption is discussed in further detail [...]

2023-08-18T10:49:50-04:00February 19th, 2020|

HIPAA Enforcement: Who Enforces HIPAA?

There are significant consequences for breaking the HIPAA laws. The HIPAA Rule is enforced through several methods. HIPAA is a federal law, which is enforced by the Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR). This is the most common method of HIPAA enforcement. State attorneys general may also conduct HIPAA enforcement. How Does HIPAA Enforcement Work? HIPAA [...]

2023-09-06T16:55:24-04:00December 17th, 2019|

Nevada Consumer Privacy Law Allows for Opt-Out of Sale of Covered Information

In May of 2019, the Governor of Nevada approved Senate Bill 220 (SB 220), an updated Nevada consumer privacy law. This legislation, which becomes effective on October 1, 2019, strengthens existing Nevada consumer privacy protections. It does so by making it easier for consumers to opt-out of the sale, by operators of websites, of certain personal information. How is Online Privacy Protected Under Current Nevada [...]

2023-08-07T15:53:46-04:00August 19th, 2019|

Settlement Reached with Premera Over Data Breach Exposing PHI of 10.4 Million

Premera Blue Cross signed an agreement with 30 states as a result of a 10-month hack that exposed the protected health information (PHI) of 10.4 million patients. The victims of the data breach had previously filed a lawsuit against Premera and reached a $74 million settlement. However, the Washington Attorney General Bob Fergusen led an investigation into Premera as well.  Through his investigation, Fergusen discovered [...]

2023-08-07T16:21:37-04:00July 15th, 2019|

California Protects Residents with the Introduction of the California Consumer Privacy Act

The ways in which businesses collect and use consumer data have been a cause for concern for many people. The sale of personal information has been largely unregulated, causing many states to implement their own privacy laws to better protect the personal information of their residents.  The California Consumer Privacy Act (CCPA) enacted on June 28, 2018, established four rights in regards to personal information. [...]

2023-08-07T16:27:46-04:00July 9th, 2019|

D.C. Attorney General Proposes Stricter Breach Notification Law

Washington D.C. Attorney General Karl A. Racine is pushing to strengthen the data breach notification laws for D.C. residents. If protected health information (PHI) is released without their knowledge, Attorney General Racine wants his residents notified more quickly and he wants to expand the circumstances when patients must be notified under the HIPAA breach notification rule. On March 21, 2019, A.G. Racine introduced the Security Breach Protection Amendment [...]

2023-08-07T16:57:48-04:00April 9th, 2019|

$7.5 MM Class-Action Lawsuit Filed After UCLA Health Data Breach

Patients have filed suit against UCLA Health with a class-action settlement for $7.5 million after a data breach exposed their protected health information (PHI). UCLA first discovered suspicious activity on its network in October 2014 and turned to the FBI for help. During that time, it was determined that no medical records were compromised. Yet in May 2015, hackers broke through the system and gained [...]

2023-08-07T16:58:40-04:00April 4th, 2019|

Aetna Pays $935,000 Fine for California HIV Status Breach

Aetna, a Connecticut-based health insurer, has agreed to pay the California Attorney General $935,000 to resolve a 2017 privacy breach that exposed state residents’ HIV status. California HIPAA violations have been increasingly prosecuted on a state-level resulting in Attorney General fines over the past few years, and this is just the most recent example. The breach occurred on July 28, 2017, when Aetna’s mailing vendor [...]

2023-08-08T08:46:33-04:00March 11th, 2019|