HIPAA/Health Information Privacy, Security & Breach Response

HIPAA Security Rule: Still on Track for Finalization

November 3, 2025 By Jennifer Everett, Kate Hanniford, Angela Burnette and Jennifer Pike

Since the HHS Office for Civil Rights’ (OCR) publication of a proposed rule to overhaul the HIPAA Security Rule in January 2025, many in the health care and privacy community have wondered whether the rule would quietly fade away. Some even hoped it might be “dead in the water.” However, despite sharp criticisms and industry […]

Unlocking the MIND Act: The Senate To Take on the Challenge of Neurotechnology

September 25, 2025 By Sara Pullen

On September 24, 2025, Ranking Member Cantwell (D-Wash.), Leader Schumer (D-NY), and Senator Markey (D-Mass.) announced they will introduce the “Management of Individuals’ Neural Data Act of 2025” (“MIND Act”). If enacted, the MIND Act will direct the Federal Trade Commission (“FTC”) to conduct a comprehensive study and report on the collection, processing, storage, sale, […]

New York Department of Health Issues Urgent Cybersecurity Warning Following U.S. Strikes on Iranian Nuclear Facilities

July 14, 2025 By Kim Peretti, Kate Hanniford, Angela Burnette, Jennifer Pike and Andrew Rice

The New York State Department of Health has issued an urgent cybersecurity advisory (the Advisory) warning of increased threat levels and a higher likelihood of cybersecurity attacks from Iranian state-backed actors following U.S. military strikes on the Fordow, Natanz, and Isfahan nuclear facilities in Iran. The Advisory warns that “intelligence sources indicate a high likelihood […]

New Artificial Intelligence Laws in Effect in Utah

June 13, 2025 By Jennifer Everett, Daniel Felz and Anna von Spakovsky

Utah Governor Spencer J. Cox signed three state AI bills into law that took effect May 7, 2025. These laws require businesses to make “you’re talking to a bot” disclosures and comply with privacy requirements when using AI in connection with consumer transactions, mental health chatbots, and certain content used for advertising, fundraising or endorsements. […]

To Delete or Not to Delete: Can 23andMe Really Sell Genetic Data Via Bankruptcy?

April 7, 2025 By Daniel Felz, Joyce Gresko, William Sugden, Kennedy Bodnarek, Anna von Spakovsky and Sara Pullen

On March 23, 2025, 23andMe Holding Co. (“23andMe”) filed for bankruptcy in the Eastern District of Missouri, potentially setting in motion the sale of genetic data collected from more than 15 million people. This has led to news outlets and state Attorneys General encouraging consumers to delete their 23andMe data before it is sold as […]