In May 2024, the New York State Department of Health (“NYSDOH”) issued revisions to proposed regulations on hospital cybersecurity that it first released in November 2023. The proposed revised regulations are subject to public comment ending on July 1, 2024, and would apply to general hospitals licensed under Article 28 of the NYS Public Health […]
HIPAA/Health Information Privacy, Security & Breach Response
More Guidance from HHS on Online Tracking Technologies but Questions Remain
Health and Human Services (“HHS”) released updated guidance yesterday on the use of online tracking technologies (like cookies, pixels, software development kits (SDKs), etc.) by HIPAA Covered Entities (the “Updated Guidance”). The Updated Guidance amends and supersedes HHS’s original guidance on the use of digital tracking technologies published on December 1, 2022 (the “Prior Guidance”). […]
Washington AG’s Office Updates FAQs for My Health My Data Act
The Office of the Attorney General of Washington (the “AG”) has updated the Frequently Asked Questions (the “FAQs”) for the Washington My Health My Data Act (the “Act” or “Washington Act”) to provide guidance on the AG’s position concerning whether businesses must publish standalone consumer health data privacy policies under the Act. The update, first […]
Making (Brain) Waves: New Colorado Legislation Poised to Protect Privacy of Neural Data
Neurotechnology, like wearable EEG headbands and invasive brain implants, collects information from electrical nerve impulses and brain waves derived from your brain, spinal cord, or nervous system. This information, or neurodata, is valuable, unique, potentially individually identifiable, and has the potential to provide access to a person’s memories, biases, and intentions. (For more information, see […]
Why the New EU-U.S. Data Privacy Framework May Be Good News for Life Sciences Companies in the U.S.
BACKGROUND U.S.-based life sciences companies can be subject to the European Union (‘EU’) General Data Protection Regulation (‘GDPR’), even if they do not have any subsidiary, affiliate or other physical presence in the EU. This can be the case if, for example, a pharmaceutical or medical device company in the U.S. acts as a sponsor […]