
Privacy & Cybersecurity
Viewpoints
Filter by:
My Health, My Data! Washington State Enacts Broad Health Data Privacy Protection Law
May 26, 2023 | Blog | By Lara Compton, Kathryn Edgerton, Adam B. Korn
Washington greatly expanded the protection for consumers’ identifiable health information by enacting the “My Health My Data Act” (MHMDA), in an effort to close the gap between HIPAA protections and the laws protecting the privacy and security of other consumer health care data. While MHMDA resembles the acts in both California and Illinois, it broadly applies to health information outside of traditional health care settings. In this article we answer frequently asked questions about MHMDA’s applicability and requirements.
Read more
Mintz May Madness: Tennessee’s Information Protection Act Gets Us Thinking About NIST(y) Safe Harbors
May 12, 2023 | Blog | By Cynthia Larose, Michael Katz, Ilse P. Johnson
Tennessee is expected to become the eighth or ninth state to enact a comprehensive data privacy law. Tennessee Information Protection Act (“TIPA”) is a unique safe harbor compared to other recently enacted laws: it offers an affirmative defense to businesses who create, maintain and comply with a written privacy program that “reasonably conforms” to the National Institute of Standards and Technology (“NIST”) privacy framework or “other documented policies, standards, and procedures designed to safeguard consumer privacy.”
Read more
Mintz May Madness: Comprehensive Data Privacy Laws Sweeping the Nation
May 3, 2023 | Blog | By Michael Katz, Cynthia Larose, Ilse P. Johnson
Last month, three state legislatures passed comprehensive data privacy laws. This week, Indiana’s governor signed the Indiana Consumer Data Privacy Act (“ICDPA’) into law. Montana and Tennessee likely to follow right behind. These newcomers will join the six other states with data privacy statutes already enacted.
Read more
Are You Ready? How to Prepare for the End of OCR’s Public Health Emergency HIPAA Enforcement Discretion
May 1, 2023 | Blog | By Dianne Bourque, Lara Compton
In April, 2020, in an effort to facilitate a national pivot to telehealth in light of the COVID-19 Public Health Emergency (PHE), the U.S. Department of Health & Human Services Office for Civil Rights (OCR) announced a policy of Health Insurance Portability and Accountability Act of 1996 (HIPAA) enforcement discretion for regulated health care providers (Covered Entities) implementing communications technologies that weren’t fully compliant with HIPAA or using those technologies in a manner that didn’t comply with HIPAA. Examples of flexibilities included allowing technology providers access to protected health information (PHI) without a HIPAA Business Associate Agreement (BAA). OCR’s enforcement discretion enabled Covered Entities to minimize the need for in-person visits for all kinds of health care services, not just COVID-19 related care. OCR also implemented flexibilities to promote public health during the COVID-19 pandemic; for example, it allowed for Business Associates to share COVID-19 data with government agencies for such purposes without specific authority to do so under BAAs.
Read more
OCR Proposes HIPAA Amendments to Protect Reproductive Health Care Information
April 13, 2023 | Blog | By Dianne Bourque, Kate Stewart, Pat Ouellette
In response to concerns about the confidentiality of protected health information (PHI) related to reproductive health care less than one year after Dobbs v. Jackson Women’s Health Organization decision, and the prospect of such PHI being weaponized by states and used against patients, the U.S. Department of Health & Human Services Office for Civil Rights (OCR) has proposed amendments to the HIPAA Privacy Rule to protect that information.
Read more
Benefits and Legal Risks of Embracing Generative AI Applications
April 5, 2023 | Blog | By Jeremy Glaser, Lorena Niebla
Generative artificial intelligence creates content and work efficiencies but also comes with legal pitfalls. Mintz Venture Capital & Emerging Companies Practice Co-chair Jeremy Glaser and Associate Lorena Niebla look at the technology's potential uses as well as risks related to data privacy, intellectual property, and more.
Read more
Federal Trade Commission’s GoodRx Settlement: Not Just a $1.5 Million Penalty
March 8, 2023 | Blog | By Lara Compton, Pat Ouellette
The Federal Trade Commission (FTC) recently kicked off enforcement of its Health Breach Notification Rule (Breach Rule) by taking aim at GoodRx’s use of tracking technologies (e.g. pixels) and the sharing of consumer health data for advertising purposes. According to Samuel Levine, director of the FTC's Bureau of Consumer Protection, the FTC “is serving notice that it will use all of its legal authority to protect American consumers' sensitive data from misuse and illegal exploitation." Bottom line, HIPAA applicability may no longer be as significant of a factor when it comes to the risk presented by collecting, using, disclosing, and maintaining identifiable health information (IHI).
Read more
An Overview of Why Class Action Privacy Lawsuits May Have Just Gotten Bigger – Yet Again.
March 1, 2023 | Blog | By Adam B. Korn, Sebastian Navarro, Todd Rosenbaum
Illinois Supreme Court’s Latest BIPA Ruling Increases Risk and Uncertainty as to the Scope of Damages Available Under the Statute
February 28, 2023 | Blog | By Trust D. Kupupika, Kevin McGinty
Just in time for Data Privacy Week: The new Mintz Matrix!
January 27, 2023 | Blog | By Cynthia Larose
FCC Proposes Changes to Its Reporting Requirements for Customer Data Breaches
January 13, 2023 | Blog | By Angela Kung, Jonathan P. Garvin
New EU-US Data Privacy Framework
December 13, 2022 | Blog
The European Commission has published its long-awaited draft of the new EU-US Data Privacy Framework, available here. The Data Privacy Framework will replace the Privacy Shield decision that was invalidated in July 2020 by the Schrems II decision. President Biden’s recent Executive Order paved the way for the new Data Privacy Framework by creating a significantly more robust right of redress for people in the EU, along with stronger guardrails and greater oversight for US intelligence agencies’ data privacy compliance.
Read more
Is Your Website Collecting PHI Under OCR's New Tracking Technologies Bulletin?
December 7, 2022 | Blog | By Dianne Bourque, Lara Compton, Kathryn Edgerton, Cassandra Paolillo, Kate Stewart
Covered Entities and Business Associates should promptly and carefully review their use of online tracking technologies on their websites and mobile apps following a bulletin (Bulletin) published by the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) last week. The Bulletin addresses multiple facets of compliance with HIPAA when using online third-party tracking technologies (Tracking Technologies). In doing so, OCR significantly expands its interpretation of the definition of Protected Health Information (PHI) to include, in some instances, identifiable information gathered by Tracking Technologies where a user visits a website and does not interact with the entity in any other way. In its Bulletin, OCR interprets the act of an individual visiting a website as evidence of a relationship or anticipated future relationship between the visitor and the entity.
Read more
JUST A REMINDER: Refresh Your Standard Contractual Clauses!!
November 29, 2022 | Blog | By Cynthia Larose
DOJ Charges 10 Defendants for Allegedly Defrauding Public and Private Health Insurers Out of $11.1 Million Through Business Email Compromise Schemes
November 28, 2022 | Blog | By Kathryn Edgerton
This post provides insights and recommendations surrounding the DOJ's charges against 10 defendants involved in business email compromise schemes.
Read more
Google Pays Record Privacy Settlement as Lawsuits are Expected to Rise
November 22, 2022 | Blog | By Adam B. Korn, Sebastian Navarro, Todd Rosenbaum
In what is considered the largest privacy-related settlement in history, Google will pay $391.5 million to 40 states to settle an investigation by 40 state attorneys general. The bipartisan coalition of attorneys general alleged that Google misled users into believing that opting out of sharing their location data prevented the company from tracking users’ locations.
Read more
NYC Proposes Rules in Advance of 2023 Automated Employment Decision Tools Law
November 4, 2022 | Blog | By Corbin Carter, Michelle Capezza, Evan Piercey
“Ding Dong” -- FTC-Drizly Data Breach Settlement Will follow CEO Personally for a Decade
October 28, 2022 | Blog | By Christopher Buontempo, Cynthia Larose
The Sun is About to Set on Temporary CCPA/CPRA Exemptions: Employers Get Ready
September 14, 2022 | Blog | By Cynthia Larose
Explore Other Viewpoints:
- Antitrust
- Appellate
- Arbitration, Mediation & Alternate Dispute Resolution
- Awards
- Bankruptcy & Restructuring
- California Land Use
- Class Action
- Complex Commercial Litigation
- Construction
- Consumer Product Safety
- Cross-Border Asset Recovery
- Debt Financing
- Diversity
- EB-5 Financing
- Education & Nonprofits
- Employment, Labor & Benefits
- Energy & Sustainability
- Environmental Enforcement Defense
- Environmental Law
- FDA Regulatory
- Federal Circuit Appeals
- Financial Institution Litigation
- Government Law
- Health Care
- Health Care Compliance, Fraud and Abuse, & Regulatory Counseling
- Health Care Enforcement & Investigations
- Health Care Transactions
- Health Information Privacy & Security
- IP Due Diligence
- IPRs & Other Post Grant Proceedings
- Immigration
- Insolvency & Creditor Rights Litigation
- Institutional Investor Class Action Recovery
- Insurance & Financial Services
- Insurance Consulting & Risk Management
- Insurance and Reinsurance Problem-Solving & Dispute Resolution
- Intellectual Property
- Investment Funds
- Israel
- Licensing & Technology Transactions
- Life Sciences
- Litigation & Investigations
- M&A Litigation
- ML Strategies
- Medicare, Medicaid and Commercial Coverage & Reimbursement
- Mergers & Acquisitions
- Patent Litigation
- Patent Prosecution & Strategic Counseling
- Privacy & Cybersecurity
- Private Client
- Private Equity
- Pro Bono
- Products Liability & Complex Tort
- Projects & Infrastructure
- Public Finance
- Real Estate Litigation
- Real Estate Transactions
- Real Estate, Construction & Infrastructure
- Retail & Consumer Products
- Securities & Capital Markets
- Securities Litigation
- Special Purpose Acquisition Company (SPACs)
- Sports & Entertainment
- Strategic IP Monetization & Licensing
- Tax
- Technology
- Technology, Communications & Media
- Trade Secrets
- Trademark & Copyright
- Trademark Litigation
- Venture Capital & Emerging Companies
- White Collar Defense & Government Investigations
- Women's Health and Technology