Jennifer Everett

4 days ago | jdsupra.com | Alysa Austin |Jennifer Everett |Katherine Doty Hanniford

Artificial intelligence (AI) systems are vulnerable to more than just threat actors. Our Privacy, Cyber & Data Strategy Group examines joint guidance issued by U.S. and international cybersecurity agencies that provides best practices for protecting AI system data from various security threats.

Sep 3, 2024 | jdsupra.com | Jennifer Everett |Daniel Felz |Dorian Simmons

On August 27, 2024, the California state legislature passed Assembly Bill 2013 and sent it to Governor Gavin Newsom for signature. If passed, AB 2013 would require companies that make generative AI systems and services publicly available to Californians to post documentation on their website about the data used to train such AI systems and services. This documentation would need to be posted by January 1, 2026. This blog post briefly summarizes AB 2013 and its potential implications for companies.

Apr 4, 2024 | jdsupra.com | Ryan Blaney |Claire Castles |Jennifer Everett

New, first-of-their-kind consumer health data privacy laws in Washington and Nevada are designed to provide state-level protections for personal health data not covered by the Health Insurance Portability and Accountability Act ("HIPAA") and set the stage for potential increased litigation and enforcement.

Feb 19, 2024 | jdsupra.com | Ryan Blaney |Claire Castles |Jennifer Everett

Following the HHS's 2023 concept paper outlining strategies to enhance cybersecurity for the health care and public health sectors, the HHS released its Healthcare and Public Health Sector-Specific Cybersecurity Performance Goals ("CPGs"). These CPGs are categorized into "essential" and "enhanced" goals to address common cyber-related vulnerabilities in the health sector.

Dec 6, 2023 | jdsupra.com | Claire Castles |Jennifer Everett |Alexis Gilroy

The U.S. Department of Health and Human Services ("HHS") Office of Civil Rights ("OCR") has entered into its first settlement of potential Health Insurance Portability and Accountability Act ("HIPAA") violations arising out of a ransomware attack, signaling OCR's continued focus on data security.