Ryan P. Blaney
Partner
Ryan Blaney represents health care, life science, and technology clients in a range of regulatory, enforcement, internal investigative and transactional matters, with particular expertise in privacy law, life sciences and digital health. He also has expertise in regulatory compliance, counseling clients on a range of matters, including health care fraud and abuse, third party reimbursement, data breach issues, data privacy and security, and FDA regulatory matters. He has substantial experience in pharmaceutical lifecycle management and competition issues, including the Hatch- Waxman Act and Biosimilars Price Competition and Innovations Act.
Ryan serves information technology companies, public and private health care companies, hospitals and physician organizations, manufacturers, medical device companies, and health plans. He guides venture capital groups, private equity funds, investment banks, and other investors on health care regulatory issues in connection with financing, mergers and acquisitions, and restructuring.
Ryan’s work is greatly informed by his experience as a teacher. Prior to attending law school, Ryan earned a master’s degree in education and taught at an under-resourced Catholic middle school. He is known for his ability to communicate clearly and to coordinate large teams working on complex matters. Outside of his health law practice, Ryan has been repeatedly recognized for his public service and pro bono work. He has successfully handled numerous education-related cases, helped establish three nonprofit organizations and defended qualified recipients of disability benefits.
Subscribe to all posts by Ryan P. Blaney
On March 2, 2023, the Federal Trade Commission (FTC) announced that it had reached a $7.8 million settlement with mental health and online counseling platform, BetterHelp, Inc. (“BetterHelp”). The FTC alleged that BetterHelp shared consumers’ sensitive health data combined with other personal information (PI) with third party advertising platforms without first obtaining affirmative consent and … Continue Reading
On January 1, 2021, Congress enacted the Corporate Transparency Act as part of the Anti-Money Laundering Act of 2020 to “better enable critical national security, intelligence, and law enforcement efforts to counter money laundering, the financing of terrorism, and other illicit activity.” FinCEN issued the final rule on Beneficial Ownership Information Reporting Requirements on September … Continue Reading
Judge Jeffrey White of the Northern District of California recently dismissed a putative class action lawsuit in which plaintiffs claimed they faced an imminent threat of future of harm in the form of identity theft and fraud because their personal information, specifically their driver’s license numbers, may have been compromised in a data breach. In … Continue Reading
On December 1, 2022, the Office for Civil Rights (OCR) of the U.S. Department of Health and Human Services (HHS) issued a Bulletin to highlight the obligations of HIPAA-covered entities and business associates when using “online tracking technologies,” or what OCR describes as “script or code on a website or mobile app used to gather information … Continue Reading
Roughly two weeks apart, on July 21, 2022 and August 5, 2022, respectively, Amazon made headlines for agreeing to acquire One Medical, “a human-centered and technology-powered primary care organization,” for approximately $3.9 billion and iRobot, a global consumer robot company, known for its creation of the Roomba vacuum, for approximately $1.7 billion. These proposed acquisitions … Continue Reading
A new legal mechanism to allow for transfers of personal data between the EU and the U.S. is now advancing after an October 7th, 2022 Executive Order was issued by U.S. President Biden (the “Executive Order”). The new mechanism is referred to as the EU-U.S. Data Privacy Framework (the “Framework”) and is intended to replace … Continue Reading
Where business-critical information or platforms are at stake, many commercial parties will seriously consider immediately paying the ransom hoping to regain control of operations, secure client data and avoid continued business disruption and negative publicity. However, businesses may wish to pause. Cyberattacks, by their very nature, know no borders and nor therefore should a private … Continue Reading
As summer nears its end, uncertainty and complexity lie ahead for many companies as they evaluate how to operationalize compliance with the California Privacy Rights Act (CPRA), existing California employment laws and potentially the passage of a federal privacy law, the American Data Protection and Privacy Act, H.R. 8152 (ADPPA), that may preempt some but … Continue Reading
On August 24, 2022, California Attorney General (AG) Rob Bonta announced a settlement with beauty products retailer, Sephora USA, Inc. (“Sephora”), resolving claims that Sephora violated the California Consumer Privacy Act (CCPA) for, among other things, failing to disclose to consumers that it was selling their personal information (including precise location data) and failing to … Continue Reading
Last fall, the United States Department of Justice (“DOJ”) launched its Civil Cyber-Fraud Initiative (“CCFI”) as part of its effort to “combat new and emerging cyber threats to the security of sensitive information and critical systems.” Led by the Civil Fraud Section of DOJ’s Commercial Litigation Branch, the CCFI leverages the False Claims Act (“FCA”) … Continue Reading
During a much anticipated Open Commission Meeting announced by Commission Chair Lina M. Khan, the Federal Trade Commission (“FTC”) voted in favor of issuing one new policy statement and one new report to Congress.… Continue Reading
The California Privacy Protection Agency (the “Agency”) released draft regulations to the California Privacy Rights Act (“CPRA”) on May 31, 2022 (the “Proposed Regulations”). The Proposed Regulations are drafted as comments to the California Attorney General’s regulations for the California Consumer Privacy Act, California’s landmark privacy law, which was amended by CPRA.… Continue Reading
The Department of Health and Human Services (“HHS”) has issued a formal request for information from the public about how regulated entities are implementing industry recognized security practices. The request for information represents a chance for the private sector to contribute to HHS regulation. Interested parties have until June 6, 2022 to submit comments. HHS … Continue Reading
In a joint press conference on March 25, 2022, U.S. President Joseph Biden and European Commission President Ursula von der Leyen announced an agreement “in principle” on a framework, called the Trans-Atlantic Data Privacy Framework (“Privacy Shield 2.0”), to replace the U.S.-EU Privacy Shield. The EU General Data Protection Regulation (“GDPR”) places restrictions on personal … Continue Reading
The 21st Century Cures Act directed the National Coordinator to “develop or support a trusted exchange framework, including a common agreement among health information networks nationally.” Fulfilling that mandate, the Office of the National Coordinator (“ONC”) for Health Information Technology released the “Trusted Exchange Framework and the Common Agreement” for health record interoperability. The two … Continue Reading
The FTC indicated that it will use its rulemaking authority under the FTC Act’s Section 18 to create a new rule that will likely seek to rein in broad data collection and use. In October 2021, FTC Commissioner Rebecca Kelly Slaughter made two speeches in which she expressed a desire to move beyond the FTC’s … Continue Reading
Cybersecurity experts around the world are scrambling to sound the alarm about a newly discovered security vulnerability that could be used by attackers to easily infiltrate computer systems.… Continue Reading
A heightened risk for cyberattacks and data breaches calls for companies to remain diligent as they navigate a patchwork of federal, state, local and sector-specific privacy and data protection laws, regulations and guidance. For Financier Worldwide, Margaret A. Dale and Ryan P. Blaney deliver commentary on the evolving landscape and offer considerations for companies looking … Continue Reading
The final version of the new standard contractual clauses (“SCCs”) were published by the European Commission on June 4, 2021. Many organizations that transfer or receive personal data originating in the European Economic Area (“EEA”) outside the EEA will be required to implement these SCCs with their customers, suppliers and affiliates by December 2022 to … Continue Reading
It has been reported that European Commission will publish the final versions of new forms of Standard Contractual Clauses (“SCCs”) shortly (even potentially within the next few days). The Commission published draft versions of these SCCs and the implementing Commission Decisions in December 2020. These new SCCs are, arguably, the most significant development in European … Continue Reading
Illinois’ Biometric Information Privacy Act (“BIPA”) is alive and well as a potential breeding ground for litigation for tech companies. In the last month, two settlements have been announced in class actions where the plaintiffs alleged violations of BIPA in the U.S. District Court for the Northern District of Illinois. These settlements show that companies … Continue Reading
A previous blog post discussed FTC Chairwoman Slaughter’s first priority as the newly designated chairwoman – the COVID-19 pandemic. The FTC’s second priority, racial equity, can be broken down into two sub issues. First, the FTC plans to investigate biased and discriminatory algorithms that target vulnerable communities. As the FTC acknowledges, the analysis of data … Continue Reading
On January 21, 2021, President Biden designated Federal Trade Commission (the “FTC”) Commissioner Rebecca Kelly Slaughter as acting chair of the FTC. Soon thereafter in one of her first speeches in her new role, Chairwoman Slaughter announced two substantive areas of priority for the FTC – the COVID-19 pandemic and racial equity.… Continue Reading
As reported last week, a state-sponsored hacker may have breached multiple U.S. government networks through a widely-used software product offered by SolarWinds. The compromised product, known as Orion, helps organizations manage their networks, servers, and networked devices. The hacker concealed malware inside a software update that, when installed, allowed the hacker to perform reconnaissance, elevate … Continue Reading
FTC’s One-Two Punch on Data Tracking and Health Privacy
By Ryan P. Blaney and Jonathan Mollod on Posted in Data Privacy Laws, FTC Enforcement, HIPAA
Shining a Light on the Corporate Transparency Act: FinCEN’s Rules for Beneficial Ownership Reporting
Standing to Sue: Is Theft of Drivers’ License Numbers Sufficient to Allege Imminent Threat of Future Harm?
HHS Bulletin: Covered Entities’ Disclosure of PHI Collected via Online Tracking Technologies Falls under HIPAA
By Ryan P. Blaney, Danielle Brooks and Jonathan Mollod on Posted in Data Privacy Laws, HIPAA, Mobile Privacy, Online Privacy, Privacy Law
Amazon’s Recent Acquisitions Highlight the Value of Consumer Data (and the Evolving Privacy Issues)
By Ryan P. Blaney, Danielle Brooks and Jonathan Mollod on Posted in Data Privacy Laws, E-Commerce, Privacy Law
EU-U.S. and UK-U.S. Data Transfer Deals Advance with White House Executive Order
By Ryan P. Blaney, Vishnu V. Shankar, Kelly McMullon and Vincent J. Tennant on Posted in Data Privacy Laws, European Union, GDPR, Privacy Law
Held to Ransom: How Cyberattacks Can Become a Legal and Regulatory Odyssey for a Private Investment Fund
Happy “Labor …” More Privacy Rights for Employees: California Legislature Closes Session Without Extending Employee and B2B Data Exemptions Under the CCPA
By Ryan P. Blaney and Jonathan Mollod on Posted in California, Data Privacy Laws, Workplace Privacy
Message Sent! California Attorney General Announces $1.2 Million CCPA Settlement with Retailer and Its Focus on the Sale of Customer Information
By Ryan P. Blaney and Jonathan Mollod on Posted in California, Data Privacy Laws, Privacy Law, Privacy Litigation
DOJ’s Civil Cyber-Fraud Initiative Secures More Than $9 Million in Two False Claims Act Settlements for Alleged Cybersecurity Violations
“A Full Plate”: FTC’s Open Meeting on PBMs, AI, Privacy and Online Harms
By Ryan P. Blaney on Posted in Data Privacy Laws, Legislation, Online Privacy, Privacy Law
California Privacy Protection Agency Released Proposed CPRA Regulations
By Ryan P. Blaney and Vincent J. Tennant on Posted in Data Privacy Laws, Legislation, Online Privacy, Privacy Law
Department of Health and Human Services Issues Request for Information on Cybersecurity Standards
By Ryan P. Blaney and Vincent J. Tennant on Posted in Cybersecurity, HIPAA, Legislation, Privacy Law
U.S. and EU Agree in Principle on New Trans-Atlantic Data Privacy Framework
By Ryan P. Blaney, Vishnu V. Shankar, Alexander Dixey and Vincent J. Tennant on Posted in Data Privacy Laws, GDPR, International, Privacy Law
ONC Releases Interoperability Frameworks
By Ryan P. Blaney, Vincent J. Tennant, Whitney Phelps and Jason S. Madden on Posted in Legislation, Miscellaneous, Privacy Law
FTC Seeks to Move Beyond Notice and Consent to Restrict Data Collection and Use
By Amy Gordon and Ryan P. Blaney on Posted in Data Privacy Laws, FTC Enforcement, Privacy Law
“Log4Shell” Vulnerability Has Potential to Compromise Millions of Devices
By Ryan P. Blaney, Will S. Chuchawat and Vincent J. Tennant on Posted in Cybersecurity, Data Privacy Laws, Invasion of Privacy, Privacy Law
INDEPTH: Data Protection & Privacy Laws 2021
By Ryan P. Blaney and Margaret A. Dale on Posted in Cybersecurity, Data Privacy Laws, Privacy Law
Navigating the New Standard Contractual Clauses for International Data Transfers under the GDPR
By Ryan P. Blaney, Vishnu V. Shankar and Kelly McMullon on Posted in Cybersecurity, Data Privacy Laws, GDPR, International, Privacy Law
Preparing for the Final Version of the New EU Standard Contractual Clauses for International Data Transfers
By Vishnu V. Shankar, Kelly McMullon and Ryan P. Blaney on Posted in Data Privacy Laws, European Union, GDPR, Legislation, Privacy Law
Litigation Breeding Ground: Illinois’ Biometric Information Privacy Act
By Ryan P. Blaney, Julia Alonzo and Brooke Gottlieb on Posted in Biometrics, Privacy Law, Privacy Litigation
The Future of the FTC: Part II
By Ryan P. Blaney and Brooke Gottlieb on Posted in Children's Online Privacy Protection Act, FTC Enforcement, Privacy Law
The Future of the FTC: Part I
By Ryan P. Blaney and Brooke Gottlieb on Posted in Children's Online Privacy Protection Act, FTC Enforcement, Privacy Law
