Archives: Health Privacy

Subscribe to Health Privacy RSS Feed

European Cloud in Health Advisory Council Calls For Review of eHealth Rules and Ethics of Medical Data Re-Use

In a new post on the Covington Digital Health blog, our colleagues discuss a new European Cloud in Health Advisory Council whitepaper calling for a review of European healthcare data protection rules holding back greater adoption of cloud computing and AI; and for more discussion about the ethics and governance of re-use of patient data for research and planning.  To read … Continue Reading

HHS Announces More HIPAA Enforcement Actions

The beginning of 2017 has brought a number of HIPAA enforcement actions involving covered entities. These enforcement actions indicate that HHS is continuing recent efforts to step up HIPAA enforcement and levy significant penalties for non-compliance. In January, HHS announced that it had reached a $475,000 settlement with a large health care network for failure … Continue Reading

CDRH Releases Postmarket Cybersecurity Final Guidance

By Christopher Hanson On December 28, 2016, CDRH announced the publication of the final guidance “Postmarket Management of Cybersecurity in Medical Devices.”  In a separate post, we reported on the January 22, 2016 draft version of this guidance document.  The final guidance provides FDA’s recommendations on a risk-based framework for medical device manufacturers to assess and … Continue Reading

Twenty-First Century Cures Act Includes HIPAA Provisions

A new post over on Covington’s eHealth blog discusses HIPAA-related provisions in the Twenty-First Century Cures Act, signed by President Obama on December 13.   These provisions direct HHS to consider HIPAA’s effects on mental health treatment and the availability of health data for research purposes.  Read the full post here.… Continue Reading

The Commission on Enhancing National Cybersecurity Releases Its Report on Securing and Growing the Digital Economy

On December 1, 2016, the Commission on Enhancing National Cybersecurity released its Report on Securing and Growing the Digital Economy. In its Report, the Commission, established in February 2016 by President Obama, provided detailed short- and long-term recommendations to strengthen cybersecurity in the public and private sectors. The Commission took a multi-stakeholder approach, emphasizing the … Continue Reading

FTC Announces it will Provide Guidance on Ransomware

The FTC has become the most recent regulator to take a closer look at ransomware and its impact on consumers. During the FTC’s September 7, 2016, Fall Technology Series on Ransomware, Chairwoman Edith Ramirez announced that the FTC will soon release guidance to businesses on how to protect against ransomware. Ransomware is a malicious software … Continue Reading

EU Organizations Call for More Support for Cloud Computing in Healthcare

The EU-U.S. Privacy Shield’s recent introduction has created an efficient mechanism to ensure that trans-Atlantic personal data flows are lawful.  With that in place, attention is now turning back to restrictions within the EU, particularly around hosting data in cloud computing services. European healthcare is particularly affected by such restrictions.  This has motivated a significant … Continue Reading

UK Government Considering New Patient Data Security and Research Consent Standards, Sanctions

A new post on the Covington eHealth blog reports that the UK government is running a consultation around NHS patient data security standards and a new legal framework for secondary uses (e.g. research) of patient data.  To find out more about the proposals and the consultation, please click here.… Continue Reading

ONC Report to Congress Identifies Gaps in Oversight of Privacy and Security of mHealth Technologies and Health Social Media

Today we published a post on the Covington eHealth blog regarding a recent report by the U.S. Department of Health and Human Services (HHS), Office of the National Coordinator for Health Information Technology (ONC).  The ONC report highlights “large gaps” in policies and oversight surrounding access to and security and privacy of health information held by … Continue Reading

FDA Releases Draft Guidance on Dissemination of Patient-Specific Information by Device Manufacturers

Last month, the FDA released a draft guidance document on the sharing of patient-specific data associated with medical devices, including information recorded, stored, processed, retrieved, and/or derived from the device.  A new post on Covington’s Inside Medical Devices blog discusses the draft guidance and its implications for sharing patient information.… Continue Reading

Significant HIPAA Fine Follows Business Associate’s Stolen iPhone

A new post over on Covington’s eHealth blog discusses a recent enforcement action taken by the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) against Catholic Health Care Services, a business associate under HIPAA, arising out of a stolen iPhone.  This recent enforcement action should put business associates … Continue Reading

Obama Administration Releases Final Data Security Policy Principles and Framework for Its Precision Medicine Initiative

Last week, our colleague Shruti Barker published an article on the Inside Medical Devices Blog, discussing eight data security principles that companies participating in the Precision Medicine Initiative should aim to meet.  The Administration’s guidance document additionally recommends a basic framework that organizations collecting, storing, and sharing patient information should adopt as current best practices.  The … Continue Reading

EU Cyber Security Directive To Enter Into Force In August

The EU Network and Information Security (NIS) Directive now looks likely to enter into force in August of this year.  Member States will then have 21 months to implement it into national law before the new security and incident notification obligations will start to apply to the following entities: designated* “operators of essential services” within … Continue Reading

OCR Steps Up HIPAA Enforcement Following Breaches of Protected Health Information

The Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services has been busy.  In addition to its recent efforts to begin audits of covered entities and business associates, OCR has announced a slew of enforcement actions against covered entities for alleged HIPAA violations.… Continue Reading

FTC Releases Online Tool to Help Health App Developers Identify Applicable Laws

A new post on the Covington eHealth blog discusses the new web-based interactive tool released by the FTC, in conjunction with HHS and the FDA, to assist mobile health app developers in navigating applicable federal laws and regulations in the areas of advertising and marketing, medical devices, and data security and privacy.  As part of … Continue Reading

SAMHSA Proposes Changes to Confidentiality Rules

On Tuesday, February 9, the Substance Abuse and Mental Health Services Administration (SAMHSA) published a proposed rule to update regulations at 42 C.F.R. Part 2 that protect the confidentiality of alcohol and drug abuse patient records.  The regulations were originally promulgated in 1975 and last substantively updated in 1987.  SAMHSA intends for these updates to … Continue Reading

HHS Issues Final Rule on HIPAA and Firearm Background Check Reporting

On January 6, as part of President Obama’s executive action to combat gun violence, HHS promulgated a final regulation modifying the HIPAA Privacy Rule to allow certain HIPAA covered entities to disclose limited information to the National Instant Criminal Background Check System (NICS).  We previously discussed the proposed rule here. Background:  The NICS, maintained by … Continue Reading

CEA Releases Guidelines on Privacy and Security of Personal Wellness Data

Last week, the Consumer Electronics Association (“CEA”) announced its Guiding Principles on the Privacy and Security of Personal Wellness Data, a set of baseline, voluntary guidelines for private-sector organizations that handle the type of data often produced by wearable technologies.  The Guiding Principles are categorized into eight areas and generally include the following recommendations: Security.  Robust … Continue Reading

HHS Launches Portal Seeking Questions from Mobile Health Application Developers

A new post on Covington’s Inside Medical Devices blog discusses a new portal recently launched by HHS seeking questions from mobile health application developers.  The platform allows for individuals to both submit and review questions on the HIPAA implications of these mobile health applications.  To read the post, click here.… Continue Reading

UK Government Launches Cybersecurity Service For Healthcare Organizations

The UK government has announced a new national service providing expert cybersecurity advice to entities within the National Health Service (NHS) and the UK’s broader healthcare system.  The project, called CareCERT (Care Computing Emergency Response Team), is aiming for a full go-live in January 2016. … Continue Reading

Proposed Rule Would Amend Federal “Common Rule” Requirements

On September 8, 2015, sixteen federal agencies published a long-awaited Notice of Proposed Rulemaking (NPRM) to modernize the Federal Policy for the Protection of Human Subjects, known as the “Common Rule.” The proposal, available here, includes a number of changes related to privacy and data security and other changes relevant to entities seeking to conduct … Continue Reading

Cybersecurity Risks with Connected Devices

By Bianca Nunes Cybersecurity vulnerability is becoming an increasing concern as medical devices are becoming more connected to the Internet, hospital networks, and other medical devices. As we previously reported, FDA has increasingly focused on promoting cybersecurity, recognizing that compromised medical devices can pose a risk to patient health and safety and to the confidentiality … Continue Reading

Multistakeholder Group Seeks Comment on Draft Framework for IoT Device Manufactures

Earlier this week, the Online Trust Alliance released a draft framework of best practices for Internet of Things device manufacturers and developers, such as connected home devices and wearable fitness and health technologies.  The OTA is seeking comments on its draft framework by September 14. The framework acknowledges that not all requirements may be applicable … Continue Reading
LexBlog