Key Takeaways | How to Prepare for New State Health Privacy Laws | McDermott

Key Takeaways | How to Prepare for New State Health Privacy Laws

Overview



Video: How to Prepare for New State Health Privacy Laws webinar, part of McDermott's 2024 programming (runtime: 1h)

New state privacy laws regulating health data impose significant obligations and heightened litigation and regulatory risks. During this webinar, Elliot Golding and Sam Siegfried discussed how these laws apply, what they require, and practical tips to implement and operationalize compliance.

Top takeaways included:

  1. Consumer health data laws apply broadly. Businesses should examine whether and how these laws apply because some: (a) do not exempt HIPAA-regulated entities (California, Colorado and Washington) or nonprofits (Colorado and Washington), (b) apply even to small businesses (Washington, Nevada and Connecticut), and (c) cover health inferences derived from non-health data (e.g., online browsing activity).
  2. Enforcement risks are real, significant and increasing. State and federal regulators are actively investigating and enforcing these laws, which will increase now that the California Privacy Protection Agency can commence enforcement. Litigation has also been significant and will also increase once Washington’s private cause of action takes effect this month.
  3. Act now. Key compliance steps include:
    1. Updating or developing consumer health data privacy policies (including posting a distinct Washington notice using a distinct website hyperlink)
    2. Executing data processing contracts with service providers
    3. Obtaining consent to process health data that satisfies new heightened requirements
    4. Identifying and developing policies to manage cookies and tracking technologies to ensure compliance with transparency and consent requirements, such as implementing cookie consent management tools

Explore our interactive state privacy law map.

Dig Deeper

Washington, DC / Speaking Engagements / April 21-22, 2025

IAPP Global Privacy Summit 2025

Speaking Engagements / April 10-11, 2025

HIPAA COW 2025 Virtual Spring Conference

Virtual / Speaking Engagements / March 26, 2025

Evolving AI Regulation in Health Care: CDS, Data Privacy, and More

Get In Touch