Key Takeaways | How to Prepare for New State Health Privacy Laws - McDermott Will & Emery

Key Takeaways | How to Prepare for New State Health Privacy Laws


New state privacy laws regulating health data impose significant obligations and heightened litigation and regulatory risks. During this webinar, Elliot Golding and Sam Siegfried discussed how these laws apply, what they require, and practical tips to implement and operationalize compliance.

Top takeaways included:

  1. Consumer health data laws apply broadly. Businesses should examine whether and how these laws apply because some: (a) do not exempt HIPAA-regulated entities (California, Colorado and Washington) or nonprofits (Colorado and Washington), (b) apply even to small businesses (Washington, Nevada and Connecticut), and (c) cover health inferences derived from non-health data (e.g., online browsing activity).
  2. Enforcement risks are real, significant and increasing. State and federal regulators are actively investigating and enforcing these laws, which will increase now that the California Privacy Protection Agency can commence enforcement. Litigation has also been significant and will also increase once Washington’s private cause of action takes effect this month.
  3. Act now. Key compliance steps include:
    1. Updating or developing consumer health data privacy policies (including posting a distinct Washington notice using a distinct website hyperlink)
    2. Executing data processing contracts with service providers
    3. Obtaining consent to process health data that satisfies new heightened requirements
    4. Identifying and developing policies to manage cookies and tracking technologies to ensure compliance with transparency and consent requirements, such as implementing cookie consent management tools

Explore our interactive state privacy law map.

Dig Deeper

Cambridge, United Kingdom / Speaking Engagements / July 1-3, 2024

Privacy Laws & Business | 37th International Conference

Chicago, IL / Speaking Engagements / May 14, 2024

Modern Healthcare Digital Health Summit: Patients and Trust

Nashville, TN / McDermott Event / May 17, 2024

Value-Based Care Symposium 2024

Nashville, TN / McDermott Event / May 15-16, 2024

Physician Practice Management and ASC Symposium 2024

Washington, DC / / May 8-10, 2024

2024 Privacy + Security Spring Academy

Washington, DC / Speaking Engagements / April 14 – 16, 2024

ACEP Leadership & Advocacy Conference 2024

Get In Touch