Consumer Privacy Laws and Healthcare Entities: Regulatory Updates, Covered Entities, Scope of HIPAA Exemptions
Course Details
- smart_display Format
On-Demand
- signal_cellular_alt Difficulty Level
Intermediate
- work Practice Area
Health
- event Date
Friday, March 15, 2024
- schedule Time
1:00 p.m. ET./10:00 a.m. PT
- timer Program Length
90 minutes
-
This 90-minute webinar is eligible in most states for 1.5 CLE credits.
This CLE webinar will guide healthcare practitioners through the rapidly evolving landscape of state consumer privacy laws and their impact on healthcare entities—regardless of whether the entities are regulated under HIPAA. The panel will provide an overview of the laws, including similarities, key differences, how and when relevant exemptions may apply, and best practices for compliance.
Ms. Davis focuses her practice on healthcare compliance; telehealth and telemedicine; privacy, cybersecurity, and data asset management; artificial intelligence; and government investigations and litigation. She advises clients on compliance with state and federal laws affecting the provision of telehealth and telemedicine services, including issues related to scope of practice, licensure, online prescribing, reimbursement, and coverage; counsels clients on compliance with HIPAA privacy and security rules and other relevant privacy laws, rules, and regulations regarding protected health information; assists clients with legal issues related to big data analytics and digital health strategies; and drafts privacy and security policies, data licensing agreements, and business associate agreements on behalf of HIPAA covered entities and business associates, among other matters.
Ms. Litten serves as national and regional counsel to a wide range of healthcare related entities including hospital systems, healthcare facilities, regulated and self-funded health plans, and healthcare technology companies. With more than 30 years of experience in the industry, Ms. Litten is known nationally as a go-to source for insight on healthcare law and regulation.
Ms. Nixon advises clients on a range of privacy and data security matters, including preventing and responding to data breaches. Clients in the health care, life sciences, education, energy, automotive and retail industries depend on her to navigate an ever-growing web of domestic and international data privacy regulations. Ms. Nixon often helps individuals and businesses comply with the privacy and security requirements of HIPAA and other federal and state laws. She oversees forensic investigations into ransomware attacks, business email hacks and other cybersecurity incidents. She helps clients meet their contractual obligations and comply with state and federal laws, including FERPA.
With a number of states already having comprehensive privacy laws in effect, a few states with comprehensive privacy laws enacted and soon to be in effect, many states with consumer privacy laws soon-to-be-enacted, and additional states considering similar types of legislation, companies and counsel should be aware of how these laws will affect their businesses and the management of collected consumer data.
Companies that process health data should pay special attention because these laws contain nuanced exemptions for entities covered by HIPAA, often apply to entities that fall outside the purview of HIPAA, and create special obligations for entities that process “sensitive” data (which often includes various categories of health information). Such health data companies should also be aware of new laws specifically focused on regulating consumer health data (such as Washington’s My Health My Data Act) and increased focus and attention by the Federal Trade Commission on this issue.
The state laws in question have varying threshold requirements determining coverage. For example, some state laws only provide information-level exemptions for entities that process protected health information regulated under HIPAA (such as the California Consumer Privacy Act and the My Health My Data Act), while others provide entity-level exemptions for covered entities and business associates. Others only regulate certain categories of health information (such as diagnosis information), while others are much broader in scope.
It is important for companies that process health data to be aware of these differences as they develop their compliance programs. Companies that process health data that may fall outside of HIPAA, such as pharmaceutical manufacturers, medical device companies, and consumer-directed digital health companies, should pay particular attention to these issues.
Listen as our expert panel guides practitioners through the maze of current and upcoming consumer privacy laws and their impact on healthcare entities. The panel will provide an overview of the laws, including similarities, key differences, how and when relevant exemptions may apply, and best practices for compliance.
- Hot Topics – HIPAA and health care data
- Overview of key state consumer privacy laws currently in effect
- Impact on HIPAA-regulated entities
- Overview of key upcoming state consumer privacy laws
- Impact on HIPAA-regulated entities
- Enforcement and litigation trends involving health care data
- General compliance tips and considerations
The panel will review these and other important considerations:
- How are healthcare entities impacted by the current and soon-to-be enacted consumer privacy laws?
- How will new consumer health data privacy laws further change the compliance landscape?
- What exemptions are allowed for HIPAA-regulated covered entities and their business associates?
- What role will FTC enforcement play for health data companies?
- Where are the greatest risk areas for companies?
- What are best practices for compliance?
Related Courses
The ACA and the New Administration: CMS Proposed Rule Impacting Marketplace Eligibility and Other Notable Actions
Tuesday, April 22, 2025
1:00 p.m. ET./10:00 a.m. PT
Healthcare Speaker Programs and AKS Compliance: Regulatory Update, Lessons Learned From Recent Settlements
Tuesday, May 27, 2025
1:00 p.m. ET./10:00 a.m. PT
HIPAA and Beyond: Health Information Privacy Updates
Tuesday, May 27, 2025
1:00 p.m. ET./10:00 a.m. PT