State Privacy Law Applicability for Healthcare Services

Key Takeaways | Navigating State Privacy Law Applicability for Healthcare and Financial Services Organizations

Overview


During this webinar, McDermott Partners Elliot Golding and Amy Pimentel discussed state privacy law applicability to health, life sciences and financial services companies, as well as compliance requirements and enforcement risks. They also shared benchmarking and practical recommendations for designing and implementing privacy compliance programs.

Top takeaways included:

  1. This likely affects you: Most health and financial services companies have data that is NOT exempt from new state privacy laws (particularly in California, Colorado and Washington). That data includes certain online “cookie” data, marketing data, California employee and business contact data, and data collected outside the scope of the primary service offerings.
  2. The risks are real: State privacy laws have already been enforced against health and financial services companies. The Federal Trade Commission (FTC) and Office for Civil Rights (OCR) have also enforced laws related to online data.
  3. Next steps: All health and financial services companies should identify which data is subject to these laws and update their compliance programs. Although health and financial companies can leverage existing Health Insurance Portability and Accountability Act (HIPAA) and the Gramm-Leach-Bliley Act (GLBA) programs, they likely must supplement by updating privacy notices and contract terms, obtaining opt-in consent honoring new privacy rights and implementing new governance processes (such as training and documenting privacy impact assessments).
  4. Reach out with questions: McDermott has extensive experience working with health and financial companies to operationalize these requirements, and we have developed templates, guidance, playbooks and other tailored materials specifically for health and financial companies.

Contact Elliot, Amy or your regular McDermott lawyer to discuss how we can help.


View key takeaways from and recordings of other webinars in our New State Privacy Laws Series:

Dig Deeper

Webinar / McDermott Webinar / December 4, 2024

Cookie Deep Dive: Maximizing Value While Minimizing Risk

Webinar / McDermott Webinar / November 21, 2024

Getting in Sync With Health Tech: Attacking AI Paralysis

Coral Gables, FL / Speaking Engagements / November 13-15, 2024

Consero's Chief Privacy Officer Forum

New Orleans, LA / Speaking Engagements / November 6-8, 2024

Cambridge Forum on Health Data Privacy & Emerging Issues

Washington, DC / Speaking Engagements / October 23-25, 2024

Privacy + Security Forum Fall Academy 2024

Washington, DC / Speaking Engagements / October 24, 2024

Privacy Regulations and Real-World Applications for Generative AI in Healthcare

Get In Touch