Now that the Supreme Court of the United States has declared that authority to regulate abortion rests with the states, organizations operating across state lines face new and some unprecedented challenges created by the civil and criminal legal issues arising from risks of enforcement in any state where abortion is or will be banned (a “ban state”). Health care providers, employers, and other organizations with any nexus to such states will need to conduct careful analyses and may have to accept an unknown level of enforcement risk while various jurisdictions respond to their newfound power and determine if and how to wield it. The risks may extend to providers who deliver abortions, patients seeking abortions, companies who support their employees traveling to non-ban states to receive abortions, and their executives. The outer parameters of who is subject to enforcement risk are presently unknown but are likely to vary from jurisdiction to jurisdiction.
On March 15, 2022, President Biden signed into law the 2022 Consolidated Appropriations Act containing the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (the “Cyber Incident Reporting Act”). While President Biden’s remarks highlighted the $13.6 billion in funding “to address Russia’s invasion of Ukraine and the impact on surrounding countries,” the 2022 Consolidated Appropriations Act contained numerous other laws, including the Cyber Incident Reporting Act, which should not be overlooked. The Cyber Incident Reporting Act puts in motion important new cybersecurity reporting requirements that will likely apply to businesses in almost every major sector of the economy, including health care, financial services, energy, transportation and commercial facilities. Critical infrastructure entities should monitor the upcoming rule-making by the Cybersecurity and Infrastructure Security Agency (“CISA”), as the final regulations will clarify the scope and application of the new law.
In a recent Press Release dated December 15, 2021, the Office of the Attorney General for the State of New Jersey (the “N.J. Attorney General’s Office”) announced the settlement, via consent order, of alleged HIPAA violations involving three, New Jersey based cancer treatment providers, In the Matter of RCCA MSO LLC, Regional Cancer Care Associates LLC, and RCCA MD LLC. Two key takeaways from this matter are that New Jersey based health care providers need to be wary of state as well federal authorities when it comes to information security and related policies and warrant substantial investments in cyber security.
Blog Editors
Recent Updates
- Quashing an Out-of-State Subpoena: No Easy Task
- The Sleeping Giant: New York’s Commercial Division Expert Disclosure Rules
- Commission Commitments: Massachusetts Appeals Court Upholds Obligation to Continue Paying Commission for the Life of the Underlying Customer Relationship
- A Win for Out-of-Network Providers
- Mastering Legal Writing: Elevate Your Written Advocacy – Speaking of Litigation Video Podcast