Although the healthcare industry is often focused on the Health Insurance Portability and Accountability Act (HIPAA) and compliance with its privacy regulations, there are many companies that service HIPAA-regulated entities that are not subject to such HIPAA regulations themselves, such as consumer-directed digital health companies, including those providing healthcare-related or focused mobile applications. Given the complexities of complying with various privacy rules, for those working with the healthcare industry or adjacent industries, evaluating their own and their vendor’s compliance with laws when HIPAA does not apply should be an ongoing process as privacy laws evolve.
In a recent LawFlash, our Morgan Lewis team—Amy Magnano, Reece Hirsch, Michael Madderra, and Sydney Reed Swanson—highlighted the recent developments and upcoming changes to consumer privacy laws enacted across the United States. As noted, without uniform federal privacy laws, companies, including vendors and suppliers servicing the healthcare industry but who are not subject to HIPAA, must continue to monitor and adapt to each state’s privacy laws.