HHS Office for Civil Rights Issues Bulletin on Requirements under HIPAA for Online Tracking Technologies to Protect the Privacy and Security of Health Information
Today, the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services issued a bulletin to highlight the obligations of Health Insurance Portability and Accountability Act of 1996 (HIPAA) on covered entities and business associates (“regulated entities”) under the HIPAA Privacy, Security, and Breach Notification Rules (“HIPAA Rules”) when using online tracking technologies. These online tracking technologies, like Google Analytics or Meta Pixel, collect and analyze information about how internet users are interacting with a regulated entity’s website or mobile application.
OCR Releases New Recognized Security Practices Video
In recognition of National Cybersecurity Awareness Month, OCR has produced a new video this October for organizations covered under the HIPAA Rules on Recognized Security Practices. Recommended security practices can help organizations improve their ability to safeguard patient information from cyberattacks and better safeguard the health care services we all rely upon. Section 13412 of the HITECH Act requires OCR to take into consideration in certain Security Rule enforcement and audit activities whether a regulated entity has adequately demonstrated that recognized security practices were “in place” for the prior 12 months.
FACT SHEET: President Biden Signs Executive Order to Implement the European Union-U.S. Data Privacy Framework
Today, President Biden signed an Executive Order on Enhancing Safeguards for United States Signals Intelligence Activities (E.O.) directing the steps that the United States will take to implement the U.S. commitments under the European Union-U.S. Data Privacy Framework (EU-U.S. DPF) announced by President Biden and European Commission President von der Leyen in March of 2022.
The White House just unveiled a new AI Bill of Rights
President Joe Biden has today unveiled a new AI Bill of Rights, which outlines five protections Americans should have in the AI age. Biden has previously called for stronger privacy protections and for tech companies to stop collecting data. But the US—home to some of the world’s biggest tech and AI companies—has so far been one of the only Western nations without clear guidance on how to protect its citizens against AI harms.
Key lawmakers on data protection and privacy legislation