Podcast – Digital Health Market Assessment | Insights – Holland & Knight
Podcast - Digital Health Market Assessment | Insights Holland & Knight
Imagine360 Hit With Proposed Class Action Over Fortra Hack – Bloomberg Law
Affinity Empowering’s eHome Technology Enables At-Home and Near-Home Care – Yahoo Finance
Affinity Empowering’s eHome Technology Enables At-Home and … – InvestorsObserver
Affinity Empowering's eHome Technology Enables At-Home and ... InvestorsObserver
Affinity Empowering’s eHome Technology Enables At-Home and … – PR Newswire
Comprehensive Data Privacy Law Passed by the Delaware … – HIPAA Journal
Comprehensive Data Privacy Law Passed by the Delaware Legislature
A comprehensive new data privacy law has been passed by the Delaware legislature and now awaits Delaware Governor John Charles Carney Jr.’s signature. Governor Carney is expected to sign the Personal Data Privacy Act into law and make Delaware the 12th state to introduce a comprehensive data privacy law.
In contrast to the data privacy laws introduced in several other states, the Delaware Personal Data Privacy Act does not include exceptions for HIPAA-covered entities and their business associates, although the Act does have an information-level exception and does not apply to protected health information. HIPAA-regulated entities will need to ensure that they are fully compliant with the new law, although many of the requirements should not prove too challenging for organizations that are fully compliant with the HIPAA Privacy and Security Rules.
The Personal Data Privacy Act gives state residents new rights over their personal data and allows them to find out about the information that is being collected about them, inspect that information, correct errors, and request the deletion of their personal data and consumers must not be discriminated against for exercising any of those rights. The Personal Data Privacy Act adopts a broad definition of personal and sensitive data. Personal data includes any data “that is linked or reasonably linkable to an identified or identifiable individual and does not include de-identified data or publicly available information.”
Sensitive personal data includes data that reveals racial or ethnic origin, religious beliefs, mental or physical health condition or diagnosis (including pregnancy), sex life, sexual orientation, status as transgender or nonbinary individual, citizenship status, or immigration status. Sensitive data also covers genetic/biometric data, precise geolocation data, and the personal data of a known child and cannot be processed without consent. Consumers must be informed in a clear and concise way, through a privacy notice, how their personal data will be collected and used, what data will be shared with third parties, and the categories of third parties that will be provided with personal data. Consumers must also be provided with an opportunity to opt out of the sale of their personal data or its use to serve them with targeted advertisements. Any data collected must be limited to what is reasonably necessary to achieve the purpose for which the data is processed, and the data must be protected with reasonable security measures to ensure the confidentiality, integrity, and accessibility of personal data.
The Act adopts the same definition of a child as the Children’s Online Privacy Protection Act (COPPA) and has the same requirements for parental consent as COPAA with respect to a consumer that is a child. Data controllers are prohibited from serving targeted advertisements or selling the personal data of a consumer who is between the ages of 13 and 18 without consent, where the controller has knowledge that the consumer is between 13 and 18 years of age.
The Act applies to corporations that operate in Delaware that control or process the personal data of 35,000 or more consumers, or more than 10,000 consumers if more than 20% of gross revenue comes from the sale of personal data. The thresholds are considerably lower than in many other states that have enacted data privacy laws.
The new law is expected to take effect on January 1, 2025, assuming the bill is signed into law by the state governor before January 1, 2024, and will be solely enforced by the Delaware Department of Justice. The Department of Justice will engage in public outreach at least 6 months prior to the effective date to raise awareness of the new requirements with consumers and the business community.
The post Comprehensive Data Privacy Law Passed by the Delaware Legislature appeared first on HIPAA Journal.
Comprehensive Data Privacy Law Passed by the Delaware Legislature
A comprehensive new data privacy law has been passed by the Delaware legislature and now awaits Delaware Governor John Charles Carney Jr.’s signature. Governor Carney is expected to sign the Personal Data Privacy Act into law and make Delaware the 12th state to introduce a comprehensive data privacy law.
In contrast to the data privacy laws introduced in several other states, the Delaware Personal Data Privacy Act does not include exceptions for HIPAA-covered entities and their business associates, although the Act does have an information-level exception and does not apply to protected health information. HIPAA-regulated entities will need to ensure that they are fully compliant with the new law, although many of the requirements should not prove too challenging for organizations that are fully compliant with the HIPAA Privacy and Security Rules.
The Personal Data Privacy Act gives state residents new rights over their personal data and allows them to find out about the information that is being collected about them, inspect that information, correct errors, and request the deletion of their personal data and consumers must not be discriminated against for exercising any of those rights. The Personal Data Privacy Act adopts a broad definition of personal and sensitive data. Personal data includes any data “that is linked or reasonably linkable to an identified or identifiable individual and does not include de-identified data or publicly available information.”
Sensitive personal data includes data that reveals racial or ethnic origin, religious beliefs, mental or physical health condition or diagnosis (including pregnancy), sex life, sexual orientation, status as transgender or nonbinary individual, citizenship status, or immigration status. Sensitive data also covers genetic/biometric data, precise geolocation data, and the personal data of a known child and cannot be processed without consent. Consumers must be informed in a clear and concise way, through a privacy notice, how their personal data will be collected and used, what data will be shared with third parties, and the categories of third parties that will be provided with personal data. Consumers must also be provided with an opportunity to opt out of the sale of their personal data or its use to serve them with targeted advertisements. Any data collected must be limited to what is reasonably necessary to achieve the purpose for which the data is processed, and the data must be protected with reasonable security measures to ensure the confidentiality, integrity, and accessibility of personal data.
The Act adopts the same definition of a child as the Children’s Online Privacy Protection Act (COPPA) and has the same requirements for parental consent as COPAA with respect to a consumer that is a child. Data controllers are prohibited from serving targeted advertisements or selling the personal data of a consumer who is between the ages of 13 and 18 without consent, where the controller has knowledge that the consumer is between 13 and 18 years of age.
The Act applies to corporations that operate in Delaware that control or process the personal data of 35,000 or more consumers, or more than 10,000 consumers if more than 20% of gross revenue comes from the sale of personal data. The thresholds are considerably lower than in many other states that have enacted data privacy laws.
The new law is expected to take effect on January 1, 2025, assuming the bill is signed into law by the state governor before January 1, 2024, and will be solely enforced by the Delaware Department of Justice. The Department of Justice will engage in public outreach at least 6 months prior to the effective date to raise awareness of the new requirements with consumers and the business community.
The post Comprehensive Data Privacy Law Passed by the Delaware Legislature appeared first on HIPAA Journal.
Administration Takes Action To Limit Junk Health Insurance – healthaffairs.org
Administration Takes Action To Limit Junk Health Insurance healthaffairs.org