By

Kate Heinzelman

04 June 2020

CCPA Enforcement Date Rapidly Approaching: California Attorney General Proposes Regulations for Final Review With July 1, 2020 Less Than One Month Away

On June 1, 2020, California’s Office of the Attorney General (“AG”) moved one step closer to finalizing the California Consumer Privacy Act (“CCPA”) regulations when the AG submitted proposed final regulations for review and approval by California’s Office of Administrative Law (“OAL”).  This submission signals the end of the AG’s CCPA regulation drafting process that began in early 2019.  If the OAL approves the proposed final regulations, they will be finalized and enforceable by the AG, subject to any legal challenges.

(more…)

EmailShare
07 May 2020

In Midst of COVID-19 Pandemic, Senators Propose Privacy Bill Aimed At Businesses’ Use of Consumer Data

On April 30, 2020, four Republican Senators announced plans to introduce the COVID-19 Consumer Data Protection Act.  The four Senators, John Thune (R-S.D), Roger Wicker (R-Miss.), Jerry Moran (R-Kan.), and Marsha Blackburn (R-Tenn.), are all Members of the Commerce Committee, with Wicker the Committee’s chair.

According to the April 30 Senate press release regarding the COVID-19 Consumer Data Protection Act, the legislation would “provide all Americans with more transparency, choice, and control over the collection and use of their personal health, geolocation, and proximity data” for data processing related to fighting the COVID-19 pandemic.  The press release also states that the bill would “hold businesses accountable to consumers if they use personal data to fight the COVID-19 pandemic.” Under the bill, covered purposes include “(1) collecting, processing, or transferring the covered data of an individual to track the spread, signs, or symptoms of COVID-19; (2) collecting, processing, or transferring the covered data of an individual to measure compliance with social distancing guidelines or other requirements related to COVID-19 that are required by federal, state, or local government order; (3) collecting, processing, or transferring the covered data of an individual to conduct contact tracing for COVID-19 cases.” (more…)

EmailShare
05 May 2020

HHS Announces Exercise of Enforcement Discretion for Entities Engaged in COVID-19 Relief Efforts

Since COVID-19 was declared a pandemic, the U.S. Department of Health and Human Services (“HHS”) and its Office for Civil Rights (“OCR”) have taken a variety of steps to relax HIPAA restrictions particularly pertinent to the COVID-19 response.

First, as covered in an earlier posting, HHS took action to waive penalties and assure companies that it would exercise enforcement discretion with respect to the Privacy Rule’s application to telehealth services and certain limited communication activities related to COVID-19 treatment efforts. (more…)

EmailShare
10 April 2020

CCPA Marches On: California Attorney General Proposes Further Revisions to CCPA Regulations, Industry Pleads for Enforcement Delay Amid COVID-19 Crisis

While the world seems to have ground to a halt in so many ways, time still marches on, and along with it, the California Consumer Privacy Act (“CCPA”) enforcement date (July 1, 2020) inches ever closer.   On March 11, 2020, the California Attorney General (“AG”) released the third turn of proposed California Consumer Privacy Act (“CCPA”) regulations.  The AG’s revisions make only moderate changes to the last round of regulations issued in February 2020.  Businesses will not need to dramatically change compliance plans as the proposed revised regulations seek to refine requirements in prior drafts rather than introduce any wholesale changes to the regulatory framework.  (more…)

EmailShare
18 March 2020

HHS Issues Limited Waiver of Certain HIPAA Privacy Rule Obligations and Exercises Enforcement Discretion with Respect to Telehealth Services In Light of COVID Public Health Emergency

This week the U.S. Department of Health and Human Services (HHS) took action to waive penalties and refrain from enforcing certain federal health information privacy restrictions under the Health Insurance Portability and Accountability Act (HIPAA) in response to COVID-19.

(more…)

EmailShare
05 March 2020

Coronavirus Risks – U.S. and European Employment and Privacy Law Issues

This post seeks to help parties navigate issues arising from COVID-19 risks from an employment and privacy law perspective in both the United States and Europe.

Novel coronavirus (COVID-19) presents significant issues for employers to navigate and significant consequences for employees across industries as COVID-19 reduces consumer spending, disrupts supply chains and presents challenges for managing workforces globally. Employers should be aware of their responsibilities and proactively put in place action plans to address this growing problem. Designing these plans, and addressing requested or mandated leaves and other restrictions on employee work, presents myriad employment law issues that may vary by jurisdiction. Employers are also likely to confront privacy questions as they seek information on employees’ and others’ health and travel across jurisdictions. In developing a plan, employers will want to consider these issues in a holistic and coordinated manner.

(more…)

EmailShare
12 February 2020

A February 2020 Surprise: California Attorney General Proposes Significant Revisions to CCPA Regulations

Just as companies were starting to recover from their exertions to put in place California Consumer Privacy Act (“CCPA”) compliance programs before the law’s January 1, 2020 entry into force, the California Attorney General (“AG”) provided an early February surprise.  CCPA watchers long expected that the AG would revise the CCPA regulations he initially proposed on October 10, 2019.  But when the AG actually released his proposed regulations on February 7 – a proposal he subsequently modified slightly on February 10 – both the timing and breadth of the revisions were surprising.  In short, the revisions were both sooner and more significant than expected.

(more…)

EmailShare
02 October 2019

Part 2 Proposed Rule Seeks to Reduce Barriers to Coordination of Care for Substance Use Disorders

In an effort to reduce barriers to coordination of care, the U.S. Department of Health and Human Services (“HHS”) is considering changes to Federal restrictions on the sharing of substance use disorder (“SUD”) records.  The proposed changes would modify 42 C.F.R. Part 2 (“Part 2”) regulations that place restrictive conditions on the disclosure of SUD patient records—limitations that go above and beyond Health Insurance Portability and Accountability Act (“HIPAA”) restrictions.

The barriers imposed by these rules—which have been in place since the 1970s—have become the focus of particular attention in light of the opioid crisis, as members of Congress and other stakeholders have raised concerns about how the Part 2 statute and implementing regulations may inhibit efforts to respond and coordinate care.  Members of Congress have called for reform, but have been unsuccessful at seeking legislative fixes thus far.

(more…)

EmailShare
03 September 2019

Carpenter and Everything After: The Supreme Court Nudges the Fourth Amendment into the Information Age

*This article was first published by the American Bar Association Infrastructure and Regulated Industries in Summer 2019.

Every year, as the calendar turns to June, the legal community looks to the Supreme Court. Eager to get to the Term’s end, the Justices rush to complete all of the outstanding opinions. Since the most difficult and important cases usually take the longest to work out, they are typically the stragglers. June is thus the time when the “blockbuster” opinions are issued—the cases that law professors analyze in their tenure pieces and that law school students study, quite possibly for years to come.

(more…)

EmailShare
30 April 2019

OCR Reduces HIPAA Penalties and Clarifies Liability for Transferring ePHI to Third-Party Health Apps

New Annual HIPAA Penalty Tiers

Six months after imposing the largest ever HIPAA fine ($16 million) following a HIPAA data breach, the U.S. Department of Health & Human Services’ Office for Civil Rights (“OCR”) has announced that it is exercising its enforcement discretion to lower maximum annual HIPAA penalties.

(more…)

EmailShare
XSLT Plugin by BMI Calculator