Health Law Highlights

Comprehensive Federal Privacy Bill May Open Backdoor for HIPAA Private Right of Action

Summary of article from Fox Rothschild, by Elizabeth Litten:

The American Privacy Rights Act of 2024 (APRA) is a significant data privacy bill that aims to establish national data privacy rights and protections, superseding existing state data privacy laws. The Federal Trade Commission, states, and impacted individuals will enforce it. The bill includes a provision for entities subject to the Health Insurance Portability and Accountability Act (HIPAA), stipulating they must comply with HIPAA’s data privacy and security requirements. However, the bill leaves room for non-compliant entities to be subject to APRA’s robust enforcement mechanisms, including the right for individuals to sue for alleged HIPAA violations. Given the complexity and evolving nature of HIPAA compliance requirements, the stability of APRA’s HIPAA provisions may be uncertain.