A California bill would exempt from the state’s sweeping privacy law, known as the California Consumer Privacy Act, personal information gathered for medical research or information stripped of identifiers linking it to individuals.
In a Bloomberg Law article published on Feb. 13, health care partner Christine Moundas (New York), health care associate David Peloquin (Boston) and law clerk Elana Bengualid (New York) explain that the CCPA bill would significantly ease the compliance burden for the medical and research communities.
The authors also note that if enacted, this bill would require many HIPAA covered entities to state in their online privacy policies that they sell or disclose de-identified health information. For many such entities this would be a new practice, given that HIPAA does not require entities to discuss disclosures of de-identified information in their notices of privacy practices. Moreover, the bill would affect non-HIPAA covered entities, including life sciences and health information technology companies, many of which use and disclose de-identified health information for a wide variety of purposes, including data monetization initiatives.
Stay Up To Date with Ropes & Gray
Ropes & Gray attorneys provide timely analysis on legal developments, court decisions and changes in legislation and regulations.
Stay in the loop with all things Ropes & Gray, and find out more about our people, culture, initiatives and everything that’s happening.
We regularly notify our clients and contacts of significant legal developments, news, webinars and teleconferences that affect their industries.