Key Takeaways | How to Prepare for New State Health Privacy Laws - McDermott Will & Emery

Key Takeaways | How to Prepare for New State Health Privacy Laws

Overview



New state privacy laws regulating health data impose significant obligations and heightened litigation and regulatory risks. During this webinar, Elliot Golding and Sam Siegfried discussed how these laws apply, what they require, and practical tips to implement and operationalize compliance.

Top takeaways included:

  1. Consumer health data laws apply broadly. Businesses should examine whether and how these laws apply because some: (a) do not exempt HIPAA-regulated entities (California, Colorado and Washington) or nonprofits (Colorado and Washington), (b) apply even to small businesses (Washington, Nevada and Connecticut), and (c) cover health inferences derived from non-health data (e.g., online browsing activity).
  2. Enforcement risks are real, significant and increasing. State and federal regulators are actively investigating and enforcing these laws, which will increase now that the California Privacy Protection Agency can commence enforcement. Litigation has also been significant and will also increase once Washington’s private cause of action takes effect this month.
  3. Act now. Key compliance steps include:
    1. Updating or developing consumer health data privacy policies (including posting a distinct Washington notice using a distinct website hyperlink)
    2. Executing data processing contracts with service providers
    3. Obtaining consent to process health data that satisfies new heightened requirements
    4. Identifying and developing policies to manage cookies and tracking technologies to ensure compliance with transparency and consent requirements, such as implementing cookie consent management tools

Explore our interactive state privacy law map.

Dig Deeper

Washington, DC / Speaking Engagements / October 23-25, 2024

Privacy + Security Forum Fall Academy 2024

Washington, DC / Speaking Engagements / October 24, 2024

Privacy Regulations and Real-World Applications for Generative AI in Healthcare

Webinar / McDermott Webinar / October 24, 2024

Navigating the Final CMMC Rule

Denver, CO / Speaking Engagements / October 10, 2024

2024 AAA Healthcare Dispute Resolution Innovation & Strategy Conference

Get In Touch