Legal Insights and Perspectives for the Healthcare Industry

Several lawyers from our healthcare industry team recently attended HLTH in Las Vegas. HLTH provided a showcase for innovative ideas, platforms, and programs embracing the concept of “patient-centered care.”

This year’s event offered particular focus on innovations addressing the social determinants of care, elements of daily life that create barriers to receiving health services. As one executive of a large hospital system mentioned, they were reframing the institution’s vision around “health” and not “healthcare.” From programs in states partnering with ride-share apps to ensure Medicaid beneficiaries made their appointments, to highly integrated medical record and patient communication platforms designed to meet patients in their own space, there were numerous examples of business opportunities and legal challenges.

Our prior post discussed three potential enhancements to cyber-related liability insurance policies designed to maximize their potential responsiveness to actions initiated by consumers or the state attorney general under the California Consumer Privacy Act (CCPA). Today, we offer four additional suggested coverage enhancements for consideration in advance of the CCPA’s January 20, 2020, effective date:

The California Consumer Privacy Act (CCPA) is a game-changer. Taking effect on January 1, 2020, the data privacy law creates new statutory rights governing the handling, storage, and sale of personal information. It broadens significantly the definition of “personally identifiable information” over prior statutory enactments. It reaches companies inside and outside of California based on revenue or the number of consumers whose personal information is bought, sold, shared, or received by a company. It creates private rights of action permitting the potential recovery of statutory or actual damages for consumers, and a new public form of action for the assessment of fines by the state attorney general.

Will typical cyber-related liability insurance policies respond to actions initiated under the CCPA? In their current form, many likely will not. This post suggests enhancements to existing cyberliability policies to maximize their potential responsiveness to CCPA actions.