Jennifer Everett

Sep 3, 2024 | jdsupra.com | Jennifer Everett |Daniel Felz |Dorian Simmons

On August 27, 2024, the California state legislature passed Assembly Bill 2013 and sent it to Governor Gavin Newsom for signature. If passed, AB 2013 would require companies that make generative AI systems and services publicly available to Californians to post documentation on their website about the data used to train such AI systems and services. This documentation would need to be posted by January 1, 2026. This blog post briefly summarizes AB 2013 and its potential implications for companies.

Apr 4, 2024 | jdsupra.com | Ryan Blaney |Claire Castles |Jennifer Everett

New, first-of-their-kind consumer health data privacy laws in Washington and Nevada are designed to provide state-level protections for personal health data not covered by the Health Insurance Portability and Accountability Act ("HIPAA") and set the stage for potential increased litigation and enforcement.

Feb 19, 2024 | jdsupra.com | Ryan Blaney |Claire Castles |Jennifer Everett

Following the HHS's 2023 concept paper outlining strategies to enhance cybersecurity for the health care and public health sectors, the HHS released its Healthcare and Public Health Sector-Specific Cybersecurity Performance Goals ("CPGs"). These CPGs are categorized into "essential" and "enhanced" goals to address common cyber-related vulnerabilities in the health sector.

Dec 6, 2023 | jdsupra.com | Claire Castles |Jennifer Everett |Alexis Gilroy

The U.S. Department of Health and Human Services ("HHS") Office of Civil Rights ("OCR") has entered into its first settlement of potential Health Insurance Portability and Accountability Act ("HIPAA") violations arising out of a ransomware attack, signaling OCR's continued focus on data security.

Aug 23, 2023 | jdsupra.com | Antonio F. Dias |António Gomes Dias |Antônio M. Dias |Jennifer Everett |Rasha Gerges Shields

Notable provisions include: The OCPA will apply to an entity that: (i) conducts business in Oregon or that provides products or services to state residents; and that (ii) controls or processes (1) the personal data of at least 100,000 Oregon consumers or (2) the personal data of at least 25,000 Oregon consumers, while deriving 25% or more of the entity's annual gross revenue from selling personal data.