PrivacySignal
Healthcare

Vermont Enacts Privacy Legislation to Regulate Health-Related Information

Inside Privacy (Covington) · · International · Healthcare Privacy

Vermont has signed two new privacy laws targeting health-related data. One regulates direct-to-consumer genetic testing companies; the other is a broader privacy statute that carves out stronger protections specifically for consumer health data.

Why this matters: Health data is the most personal category there is. It can affect your insurance, your job, your relationships, and your safety. Vermont is now one of a small group of states that treats it differently from ordinary consumer data — and genetic data gets its own law on top of that. Direct-to-consumer DNA tests are a real gap. People spit in a tube without thinking much about who owns that data afterward or what they can do with it. These laws put real limits on that. Other states are watching.

Who should care: Healthcare professionals · Privacy officers · Compliance · Lawyers · Cybersecurity · General readers · Policy

This summary is AI-assisted and may contain errors. It is an original briefing to help you gauge significance quickly — not a reproduction of the source. Always read the linked original before relying on it. See our methodology.

Related stories

Healthcare
HIPAA Journal · · US Federal

AdaptHealth Reports Material Cybersecurity Incident and Theft of Patient Data

AdaptHealth, a publicly traded home medical equipment and supplies company, has disclosed a cybersecurity incident it has classified as material, involving the theft of patient data. The breach affects customers who rely on the company for home health products including diabetes supplies and sleep therapy equipment.

Who should care: Healthcare professionals · Privacy officers · Compliance

#healthcare Read original →
Healthcare
HIPAA Journal · · US Federal

Delaware & Florida Women’s Health Centers Announce Data Breaches

Two women's health clinics — one in Delaware, one in Florida — have disclosed separate data breach incidents involving unauthorized access to or retention of patient information. Both providers are covered under HIPAA, which governs the handling of sensitive health data.

Who should care: Healthcare professionals · Privacy officers · Compliance

#healthcare Read original →
Healthcare
HIPAA Journal · · US Federal

ClickFix Social Engineering Technique is the Leading Method for Malware Delivery

The ClickFix social engineering technique is the leading method of malware delivery, according to an analysis by researchers at ReliaQuest. […] The post ClickFix Social Engineering Technique is the Leading Method for Malware Delivery appeared first on The HIPAA Journal.

Who should care: Healthcare professionals · Privacy officers · Compliance

#healthcare#security Read original →
Healthcare
HIPAA Journal · · US Federal

HHS Provides Update on its Artificial Intelligence RFI

The Department of Health and Human Services has released an update on its Artificial Intelligence Request for Information, outlining how it intends to accelerate AI adoption across the agency. The update signals that HHS is moving from information-gathering toward more concrete plans for integrating AI into federal health programs.

Who should care: Healthcare professionals · Privacy officers · Compliance · AI governance · Lawyers · Administrators · General readers · Policy

#healthcare#ai-governance#ai Read original →
Healthcare
HIPAA Journal · · US Federal

Take the Guesswork out of HIPAA Compliance for Small Practices

The HIPAA Journal has published guidance aimed at small medical practices struggling with inconsistent or assumption-based approaches to HIPAA compliance, arguing that documented, systematic processes should replace informal judgments about what protections are already in place.

Who should care: Healthcare professionals · Privacy officers · Compliance · Lawyers

#healthcare#regulation Read original →