At the state level, genetic privacy remains a fast-moving topic, and states continue to introduce and advance bills regulating genetic data.
Continue Reading Utah and South Dakota Enact Genetic Privacy Laws as Other States Advance BillsHealth Issues
UNESCO Adopts First Global Framework on Neurotechnology Ethics
By Paul Maynard on
On November 12, 2025, UNESCO’S General Conference adopted its Recommendation on the Ethics of Neurotechnology (“the Recommendation”)–the first attempt at establishing a global legal framework for the ethical development and use of neurotechnology. The Recommendation aims to set out a comprehensive rights-based framework for the entire life cycle of neurotechnology, from the design of neurotechnology products and services to their disposal.
While not legally-binding, the Recommendation states that its provisions should be considered by, among others, UNESCO Member States, research organizations, and private companies involved in neurotechnology, and that they establish how best to honor fundamental human rights in the development, deployment and disposal of this technology. It is therefore possible that in the future, they may be a starting point for binding legislation, or could be used as persuasive authority to support enforcement actions arising under existing legislation protecting fundamental human rights, e.g., the GDPR and other privacy laws around the world. In that regard, it is notable that the EU AI Act was inspired, at least in part, on UNESCO’s November 2021 Recommendation on the Ethics of Artificial Intelligence. There is, therefore, a real possibility that private sector companies developing neurotechnologies will be subject to rules specifically regulating such technologies in the future.
Continue Reading UNESCO Adopts First Global Framework on Neurotechnology EthicsWashington State AI Task Force Releases AI Policy Recommendations for 2026
On December 1, the Washington State AI Task Force (“Task Force”) released its Interim Report with AI policy recommendations to the Governor and legislature. Established by the legislature in 2024, the Task Force is responsible for evaluating current and potential uses of AI in Washington and recommending regulatory and legislative…
Continue Reading Washington State AI Task Force Releases AI Policy Recommendations for 2026U.S. Senate Introduces the Health Information Privacy Reform Act
By Libbie Canter, Anna D. Kraus, Elizabeth Brim & Natalie Maas on
Posted in Health Privacy, Privacy
On November 4, 2025, Senator Bill Cassidy (R-LA), chair of the Senate Health, Education, Labor, and Pensions (“HELP”) Committee, introduced the Health Information Privacy Reform Act (“HIPRA”). HIPRA seeks to extend protections similar to those provided under the Health Insurance Portability and Accountability Act of 1996, as amended, and its implementing regulations (collectively, “HIPAA”) to certain health information collected by entities not currently regulated by HIPAA. HIPRA also proposes modifications and calls for guidance related to certain existing provisions of HIPAA as well as Part 2 (related to substance use disorder medical history).
Continue Reading U.S. Senate Introduces the Health Information Privacy Reform ActNew German Guidelines on GDPR Requirements for International Transfers of Health Data in Medical Research
On September 17, 2025, the German Supervisory Authorities (Konferenz der unabhängigen Datenschutzaufsichtsbehörden des Bundes und der Länder, DSK) published new guidelines and recommendations addressing the complex requirements for transferring personal data, particularly health data (including health data contained in biomaterials), to countries outside of the European Economic Area for scientific research purposes under the GDPR. These guidelines may be of particular relevance for pharmaceutical, medical device, and other life sciences companies that conduct clinical research.
Continue Reading New German Guidelines on GDPR Requirements for International Transfers of Health Data in Medical ResearchFlo Health, Google Settle Class Action Privacy Lawsuit for $56 Million
By Libbie Canter, Anna D. Kraus, Elizabeth Brim & Ariel Dukes on
In late September, plaintiffs announced details regarding Google LLC’s (“Google”) and women’s health app developer, Flo Health Inc.’s (“Flo”) proposed settlements to resolve a class action lawsuit stemming from the Flo app’s allegedly unlawful sharing of health data with Google and others through online tracking technologies.
As part of the proposed settlements, Google agreed to pay $48 million and Flo agreed to pay $8 million, for a combined $56 million to resolve plaintiffs’ claims against these two entities.
Continue Reading Flo Health, Google Settle Class Action Privacy Lawsuit for $56 MillionCongress Introduces Neural Data Bill
By Libbie Canter, Elizabeth Brim & Natalie Maas on
Posted in Health Privacy
On September 24, Senate Democratic Leader Chuck Schumer (D-N.Y.), Senator Maria Cantwell (D-Wash.), and Senator Ed Markey (D-Mass.) introduced the Management of Individuals’ Neural Data (“MIND”) Act of 2025, which would require the Federal Trade Commission (“FTC”) to conduct a study and provide a report examining the governance of “neural data” under existing law and identify additional areas for federal regulation. The bill would also require the Office of Science and Technology Policy (“OSTP”) to issue guidance regarding federal agencies’ use of certain neurotechnology.
Continue Reading Congress Introduces Neural Data BillCalifornia Lawmakers Advance Suite of AI Bills
As the California Legislature’s 2025 session draws to a close, lawmakers have advanced over a dozen AI bills to the final stages of the legislative process, setting the stage for a potential showdown with Governor Gavin Newsom (D). The AI bills, some of which have already passed both chambers, reflect…
Continue Reading California Lawmakers Advance Suite of AI BillsLatest Cybersecurity False Claims Act Settlement with Diagnostics Provider Focuses on Sensitive Health Systems
In a recently announced settlement agreement with the U.S. Department of Justice (“DOJ”), Illumina, Inc. (“Illumina”) agreed to pay $9.8 million to resolve claims arising from alleged cybersecurity vulnerabilities in genomic sequencing systems that the company sold to federal agencies. The case is the latest in a series of False Claims Act (“FCA”) settlements under the current administration that evidence DOJ’s continued focus on cybersecurity obligations for government contractors, particularly those that maintain sensitive data and personal information on behalf of federal customers.
Continue Reading Latest Cybersecurity False Claims Act Settlement with Diagnostics Provider Focuses on Sensitive Health SystemsDistrict Court Enjoins Privacy Rule Modifications Regarding Reproductive Health Care
Posted in Health Privacy
On June 19, 2025, the U.S. District Court for the Northern District of Texas vacated the majority of the Biden Administration rule (the “2024 Rule”) modifying the Standards for Privacy of Individually Identifiable Health Information (“Privacy Rule”) under the Health Insurance Portability and Accountability Act (“HIPAA”) regarding protected health information (“PHI”) concerning reproductive health. As discussed in further detail in our previous blog post, the 2024 Rule “limit[ed] the circumstances in which provisions of the Privacy Rule permit the use or disclosure of an individual’s PHI about reproductive health care for certain non-health care purposes.”
Continue Reading District Court Enjoins Privacy Rule Modifications Regarding Reproductive Health Care