On August 29, 2024, the Office for Civil Rights of the United States Department of Health and Human Services (“HHS-OCR”) withdrew its appeal of an order by the United States District Court for the Northern District of Texas’ (“District Court”) declaring unlawful and vacating a portion of an HHS-OCR Bulletin
Legislation
SEC Adopts Rule Amendments to Regulation S-P to Enhance Protection of Customer Information
On May 16, 2024, the U.S. Securities and Exchange Commission announced the adoption of amendments to Regulation S-P that were proposed last year. The Final Amendments impose enhanced requirements on registered investment advisers, investment companies, broker dealers and transfer agents with respect to handling of consumer financial information.
The Emerging Legal and Regulatory Risks of Loyalty Programs
As part of our commitment to keeping you informed of new regulatory developments and their potential implications, we have highlighted recent statements by federal officials concerning loyalty programs, such as those involving airline miles and credit card points. These comments signal a potential shift in how these programs are viewed under consumer protection laws, and the plaintiffs’ bar is likely to take notice.
HHS Publishes Roadmap of New Strategy for Cybersecurity in the Healthcare Sector
The U.S. Department of Health and Human Services (HHS) recently issued a strategy paper highlighting key aspects of its plan to revamp cybersecurity requirements in the healthcare industry. Citing a 93% increase in large data breaches in healthcare from 2018 to 2022 and a rapid increase in ransomware attacks against…
OIG Issues Final Information Blocking Enforcement Rule and Highlights the Potential for Referrals to the FTC and FCA Liability
On June 27, 2023, the Office of Inspector General (“OIG”) for the U.S. Department of Health and Human Services (“HHS”) released its final rule (“Final Rule”) implementing penalties for information blocking.
The Final Rule codifies the prohibition on “information blocking” introduced by the 21st Century Cures Act (“Act”), which was…
SEC Revisits Regulation S-P After Twenty Years of Innovation to Information Technology
On March 15, 2023, the U.S. Securities and Exchange Commission (“SEC”) released its proposal to amend Regulation S-P: Privacy of Consumer Financial Information and Safeguarding Customer Information (the “Proposed Amendments”), while simultaneously issuing two additional cybersecurity-related rule proposals and re-opening the comment period for its previously proposed cybersecurity risk management…
Shining a Light on the Corporate Transparency Act: FinCEN’s Rules for Beneficial Ownership Reporting
On January 1, 2021, Congress enacted the Corporate Transparency Act as part of the Anti-Money Laundering Act of 2020 to “better enable critical national security, intelligence, and law enforcement efforts to counter money laundering, the financing of terrorism, and other illicit activity.” FinCEN issued the final rule on Beneficial Ownership…
DOJ’s Civil Cyber-Fraud Initiative Secures More Than $9 Million in Two False Claims Act Settlements for Alleged Cybersecurity Violations
Last fall, the United States Department of Justice (“DOJ”) launched its Civil Cyber-Fraud Initiative (“CCFI”) as part of its effort to “combat new and emerging cyber threats to the security of sensitive information and critical systems.” Led by the Civil Fraud Section of DOJ’s Commercial Litigation Branch, the CCFI leverages…