Tag

Health Data

Browsing

In brief In September 2024, Texas’ Attorney General announced a “first-of-its-kind” settlement with a healthcare generative artificial intelligence (“Gen AI”) company over what it said were “false, misleading, or deceptive” Gen AI products that aid physicians and medical staff in drafting clinical notes and charts. Per the Attorney General, the Company’s advertised hallucination rate was “very likely inaccurate” which “may have deceived hospitals about the accuracy and safety of the Company’s products.” The settlement provides…

In Brief Various players in the health care industry are or will soon be subject to new requirements relating to sexual and reproductive health data under a pair of bills passed last year amending the California Confidentiality of Medical Information Act (the “CMIA”). Many of the central provisions of bills AB 254 and AB 352, which were both signed into law by Governor Gavin Newsom in September 2023, came into effect on January 1, 2024.…

Organizations subject to the Washington State My Health My Data Act (generally any organization with physical premises in Washington, and many organizations without it) are preparing for compliance by March 31, 2024. And should, in addition to the overall compliance requirements and immediate action items, be aware that the Washington Attorney General updated its guidance on the requirements for a consumer health privacy policy. Section 4(1)(b) of the My Health My Data Act explicitly provides…

If your organization does business across the U.S. and collects consumer health data (broadly defined, health inferences generated from non-health data count), compliance with U.S. state consumer health privacy laws is just around the corner. Consumer health privacy laws in Nevada (Senate Bill 370) and Washington (the My Health My Data Act) become fully operative for regulated entities on March 31, 2024. Requirements specific to consumer health data are already operative in Connecticut. Here are…

In brief On October 8, 2023, California Governor Gavin Newsom signed two bills into law amending the California Consumer Privacy Act (CCPA). AB 947 classifies citizenship and immigration status as “sensitive personal information” subject to special protections under the CCPA, while AB 1194 strengthens reproductive privacy rights. Both bills carried the unanimous endorsement of the California Privacy Protection Agency. Details for each bill are described below followed by actionable guidance businesses can take to prepare…

Beyond the statutory text of the new Washington state My Health My Data Act, the Washington Attorney General has published Frequently Asked Questions (FAQs) and will update such FAQs periodically. Some of the FAQs provide insight into possible interpretations of the law’s provisions that are summarized below. For a broader overview of the My Health My Data Act, see here. 1. Businesses located outside of the state of Washington that only store data in Washington…

So far this year, three US states have passed laws with specific obligations related to consumer health privacy law: Washington, Connecticut, and Nevada. When it comes to California, the omnibus California Consumer Privacy Act (CCPA) applies also to the processing of health information. But, if the sectoral Confidentiality of Medical Information Act (CMIA) applies and is complied with, CMIA, and not the CCPA, applies. Most companies that do business in California are subject to CMIA,…

With the new Washington state My Health My Data Act, you may wonder if any exceptions or exemptions apply to your organization (for an overview of the law, see here). As a reminder, the definition of consumer health data is broad: “personal information that is linked or reasonably linkable to a consumer and that identifies the consumer’s past, present, or future physical or mental health status” (the definition includes as an enumerated example any information…

The Connecticut Data Privacy Act (CTDPA) is operative since July 1, 2023, and so are certain amendments that were signed into law as recently as June 26th, 2023. The amendments focus on protecting consumer health data and protecting minors, with additional consumer health data protections already operative but with some obligations related to minors becoming operative mid to late 2024. Additional Obligations for Processing Consumer Health Data As other omnibus US state privacy laws, the…

Washington state governor Jay Inslee signed the My Health, My Data Act (the Act) into law on April 27, 2023. Regulated entities are required to comply with most obligations from March 31, 2024 with small businesses being required to comply from June 30, 2024. Prohibitions on geofencing are operative already on July 23, 2023. The Act will be enforceable both by the Washington Attorney General’s Office and through a private right of action. Who is…