Under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and specifically the Privacy Rule under HIPAA’s implementing regulations, patients have a right to access their health information held by health care providers. In 2016, the Department of Health and Human Services’ Office for Civil Rights (OCR) issued guidance stressing the importance of this right. The OCR also implemented a HIPAA Right of Access Initiative as an enforcement priority in 2019, and the OCR has since actively pursued violations under the right of access standard.

Atkins Investment Partnership, et al. v. EisnerAmper, LLP, et al. was filed in the Northern District of California on February 8, 2021, claiming civil damages from an auditor that allegedly aided and abetted its client’s Ponzi scheme by providing false audits. Specifically, the complaint alleges negligent misrepresentation, common law fraud, aiding and abetting fraud, aiding and abetting breach of fiduciary duty, and aiding and abetting securities fraud in violation of California Corporations Code section 25403.

Atkins Investment Partnership, et al. v. EisnerAmper, LLP, et al. was filed in the Northern District of California on February 8, 2021, claiming civil damages from an auditor that allegedly aided and abetted its client’s Ponzi scheme by providing false audits. Specifically, the complaint alleges negligent misrepresentation, common law fraud, aiding and abetting fraud, aiding and abetting breach of fiduciary duty, and aiding and abetting securities fraud in violation of California Corporations Code section 25403.

Atkins Investment Partnership, et al. v. EisnerAmper, LLP, et al. was filed in the Northern District of California on February 8, 2021, claiming civil damages from an auditor that allegedly aided and abetted its client’s Ponzi scheme by providing false audits. Specifically, the complaint alleges negligent misrepresentation, common law fraud, aiding and abetting fraud, aiding and abetting breach of fiduciary duty, and aiding and abetting securities fraud in violation of California Corporations Code section 25403.

Atkins Investment Partnership, et al. v. EisnerAmper, LLP, et al. was filed in the Northern District of California on February 8, 2021, claiming civil damages from an auditor that allegedly aided and abetted its client’s Ponzi scheme by providing false audits. Specifically, the complaint alleges negligent misrepresentation, common law fraud, aiding and abetting fraud, aiding and abetting breach of fiduciary duty, and aiding and abetting securities fraud in violation of California Corporations Code section 25403.

Atkins Investment Partnership, et al. v. EisnerAmper, LLP, et al. was filed in the Northern District of California on February 8, 2021, claiming civil damages from an auditor that allegedly aided and abetted its client’s Ponzi scheme by providing false audits. Specifically, the complaint alleges negligent misrepresentation, common law fraud, aiding and abetting fraud, aiding and abetting breach of fiduciary duty, and aiding and abetting securities fraud in violation of California Corporations Code section 25403.

Atkins Investment Partnership, et al. v. EisnerAmper, LLP, et al. was filed in the Northern District of California on February 8, 2021, claiming civil damages from an auditor that allegedly aided and abetted its client’s Ponzi scheme by providing false audits. Specifically, the complaint alleges negligent misrepresentation, common law fraud, aiding and abetting fraud, aiding and abetting breach of fiduciary duty, and aiding and abetting securities fraud in violation of California Corporations Code section 25403.

As we discussed in Part I, the United States does not have a single, comprehensive federal law governing biometric data.  However, we have recently seen an increasing number of states focusing on this issue.  Part I summarized legislative activity on this issue in 2020.  In this Part II, we discuss noteworthy legislation to monitor in 2021.

What to Expect in 2021

At least two states—New York and Maryland—have already introduced biometrics legislation in this first month of 2021.

New York – AB 27

On January 6, 2021, the New York Assembly introduced the Biometric Privacy Act (BPA), a New York state biometric law aimed at regulating businesses handling biometric data.  BPA will prohibit businesses from collecting biometric identifiers or information without first receiving informed consent from the individual, prohibit profiting from the data, and will require a publicly available written retention and destruction policy.  As proposed, the statute contains a private right of action; and if passed, it will permit consumers to sue businesses for improperly collecting and using their biometric data.  The statute follows Illinois’s BIPA, allowing recovery of $1,000 per negligent violation and $5,000 per intentional violation, or actual damages, whichever is greater, along with attorney’s fees and costs, and injunctive relief.

The Northern District of Illinois recently denied a hospital reimbursement consultant’s motion for summary judgment, finding that the consultant could be held liable under the FCA based on the theory that the consultant’s solicitations of fees-for-recommendations could be found to violate the Federal Anti-Kickback Statute (“AKS”).

In United States ex rel. Graziosi v. R1 RCM