The Expanding Scope of Health Privacy Law: Federal, State, and Litigation Trends

Overview: 

The HIPAA landscape is undergoing significant changes-but it's not the only framework governing health data privacy. This session will review key developments in HIPAA regulations, enforcement, and case law, while also exploring emerging state-level laws such as Washington's My Health My Data Act and California's CPRA. These new laws extend privacy protections far beyond traditional covered entities, impacting mobile apps, ad tech platforms, and consumer-facing services.

We'll examine recent litigation-including Maxwell v. Amazon-to highlight how SDKs and location tracking technologies are triggering new legal risks. Participants will gain insight into how federal and state regulators are redefining health data, expanding enforcement, and introducing private rights of action.

Topics include cross-state telemedicine, information blocking, reproductive health privacy, and the implications of online tracking technologies. Additional resources will be provided for staying current with HIPAA and non-HIPAA developments.

Challenges such as the escalation of major data breaches, aggressive OCR enforcement actions, and heightened compliance requirements make this an essential and timely course for legal professionals navigating the evolving health privacy landscape.

Course Objective: 

• Know key concepts and terms related to HIPAA and emerging state-level health privacy laws
• Understand the latest developments in HIPAA regulations, law, and case law
• Assess the evolving threat environment-including SDK litigation and location tracking risks
• Recognize the responsibilities and risks imposed upon clinicians, organizations, and attorneys by federal and state privacy frameworks
• Analyze the financial, reputational, and legal implications of enforcement actions under HIPAA, MHMDA, and CPRA
• Prepare for heightened responsibilities such as mandatory compliance audits, enhanced risk analysis, and cross-jurisdictional data governance
• Address the differences in requirements and risks imposed on larger organizations versus smaller practices, especially in multi-state contexts
• Communicate effectively with non-legal professionals and staff while addressing misconceptions or gaps in their knowledge
• Understand the impacts beyond “covered entities,” evaluate the impact of SDKs, mobile apps, and geolocation data on health privacy compliance
• Anticipate litigation trends and enforcement priorities across federal and state agencies

Target Audience: 

• Legal professionals who may be responsible for assisting major clinical organizations or small practices

Basic Knowledge: 

Prior knowledge of HIPAA is not necessary, as theintroduction will provide a brief overview and the syllabus will provideadditional definitions and resources