On March 18, 2024, the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) updated its guidance on the use of online tracking technology by covered entities regulated by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and their business associates (together, “regulated entities”). While the updated guidance from OCR seems intended to clarify, and even narrow, the circumstances under which regulated entities’ use of websites and mobile app tracking technologies constitutes a disclosure of Protected Health Information (PHI), it fails to provide clarity on the exact scope, rendering compliance challenging. We summarize the updates to the guidance below and analyze briefly how these updates may impact the use of tracking technologies on unauthenticated and authenticated webpages, and what companies may explore in terms of compliance.Continue Reading OCR at HHS Updates Guidance on Use of Online Tracking Technology by HIPAA-Regulated Entities

On June 16, 2023, the Federal Trade Commission (FTC) announced a proposed settlement agreement (in the form of a stipulated order) with genetic testing company Vitagene, Inc., now known as 1Health.io (1Health.io), for allegedly misrepresenting its security and privacy practices regarding its data storage, deletion, and usage. The FTC also alleged that the company unfairly changed material privacy policy disclosures without obtaining affirmative consumer consent.Continue Reading FTC Announces Proposed Settlement with 1Health.io Genetic Testing Firm for Privacy and Security Violations

On April 27, 2023, Washington State Governor Jay Inslee signed a far-reaching health privacy law entitled the “My Health My Data Act” (the Act), which extends protections to consumer health data collected by

Continue Reading Washington State Governor Signs Sweeping Health Privacy Act (My Health My Data Act) into Law

On March 15, 2023, the Colorado Attorney General’s (Colorado AG) office released the final version of the Colorado Privacy Act (ColoPA) rules (the final rules), which are based on public comments on the third version

Continue Reading Colorado AG’s Office Announces Final Colorado Privacy Act Rules: Key Takeaways

On March 2, 2023, the Federal Trade Commission (FTC) announced a proposed settlement agreement (also referred to as “proposed consent order”) with BetterHelp, Inc., an online counseling service, for allegedly disclosing its website visitors’ and

Continue Reading FTC Announces Settlement with BetterHelp for Disclosing Consumers’ Health Information to Third-Party Advertisers

On January 27, 2023, the Colorado Attorney General’s (Colorado AG) office released the third version of its proposed draft rules (third draft) for the Colorado Privacy Act (ColoPA) based on public comments it received on

Continue Reading Colorado Attorney General’s Office Releases Third Version of Draft Rules for Colorado Privacy Act: Key Takeaways