In the absence of a comprehensive federal data privacy law, state legislators continue to add to the often-contradictory array of laws aimed at protecting the security and privacy of their residents’ data. Very recently, Washington State’s My Health My Data Act was signed into law by Governor Jay Inslee in late April, Florida lawmakers passed Senate Bill 262 in early May, and the Tennessee Information Protection Act was signed into law earlier this month as well. While preparing this update, Montana’s enacted its Consumer Data Privacy Act on May 19th, which we will address in subsequent guidance due to its recency. These newly enacted state laws build upon the growing patchwork of laws enacted in California, Connecticut, Colorado, Virginia, and Utah, all of which we previously discussed here and here. Yet, among these state laws there is significant variety, including inconsistencies as to whether the laws allow for private rights of action, and whether the laws provide affirmative defenses and other incentives based on compliance with relevant best practices.
Blog Editors
Recent Updates
- At Long Last, DEA’s Remote Prescribing Rules 2.0 Are (Really) Here! (Pending Further Consideration by the Incoming Administration . . .)
- Massachusetts District Court Applies “But-For Causation” Standard, Dismisses AKS-Based FCA Case After Evaluating Facts and Circumstances of Independent Contractor Arrangements
- DOJ’s False Claims Act Recoveries Top $2.9 Billion in FY 2024, but Health Care Numbers Dip—What Could FY 2025 Hold for Health Care Enforcement?
- Recent Developments in Health Care Cybersecurity and Oversight: 2024 Wrap Up and 2025 Outlook
- Massachusetts Governor Maura Healey Signs into Law a Sweeping Health Care Market Oversight Bill