Recently, California’s Governor signed Assembly Bill (AB) 45, which builds on existing California laws, such as the Confidentiality of Medical Information Act, seeking to protect individuals seeking certain healthcare services. AB 45 takes effect January 1, 2026.
Specifically, the law prohibits the collection, use, disclosure, sale, sharing, or retention of personal information of a
On September 17, 2025, the Florida Agency for Health Care Administration (AHCA) will hold its first public meeting to discuss proposed rules designed to enhance transparency and preparedness around health care information system breaches. AHCA is Florida’s agency responsible for the state’s Medicaid program, the licensure of the state’s health care facilities, and the sharing
The rapid adoption of AI notetaking and transcription tools has transformed how organizations (and individuals) capture, analyze, and share meeting and other content. But as these technologies expand, so too do the legal and compliance risks. A recent putative class action lawsuit filed in federal court in California against Otter.ai, a leading provider of AI
On August 18, 2025, the Department of Health and Human Services’ Office for Civil Rights (OCR) announced a settlement with BST & Co. CPAs, LLP (BST). The announcement continues OCR’s escalating enforcement of the HIPAA Security Rule, particularly around ransomware and risk analysis inadequacies.
For the OCR, this is the agency’s 15th ransomware enforcement action
On July 1, 2025, California Attorney General Rob Bonta announced the largest CCPA settlement to date, which included a $1.55 million penalty against Healthline Media LLC. This settlement sends a clear message to businesses that California Consumer Privacy Act (CCPA) enforcement is ramping up, and health-related data is in scope.
According to the complaint filed
On May 1, 2025, the California Privacy Protection Agency (CPPA) issued a Final Order in one of its first public enforcement actions under the California Consumer Privacy Act (CCPA), imposing a fine of nearly $350,000 on the business.
An important take away from the Final Order: simply posting a privacy policy is not enough. Businesses
On July 23, 2025, the White House released America’s AI Action Plan, a comprehensive national strategy designed to strengthen the United States’ position in artificial intelligence through investment in innovation, infrastructure, and international diplomacy and security. The plan, issued in response to Executive Order 14179, reflects a pro-innovation approach to AI policy—one that aims
Earlier this year, North Dakota’s Governor signed HB 1127, which introduces new compliance obligations for financial corporations operating in North Dakota. This new law will take effect on August 1, 2025.
The law applies to certain “financial corporations.” Under the law, financial corporation means all entities regulated by the Department of Financial Institutions
The U.S. Senate voted early Tuesday to remove a proposed moratorium from the federal budget bill. This outcome marks a pivotal moment in the ongoing debate over artificial intelligence regulation in the United States.
The AI moratorium, initially proposed as part of the One Big Beautiful Bill Act, proposed a 10-year moratorium on the
The Senate recently voting 99-1 to remove a 10-year moratorium on state regulation of AI says something about the impact of AI, but also its challenges.
A new MIT study, presented at the ACM Conference on Fairness, Accountability and Transparency, demonstrates that large language models (LLMs) used in healthcare can be surprisingly “brittle.” As