Tag Archives: Health IT

ICO Rules UK Hospital-DeepMind Trial Failed to Comply with UK Data Protection Law

The UK Information Commissioner’s Office (“ICO”), which enforces data protection legislation in the UK, has ruled that the NHS Royal Free Foundation Trust (“Royal Free”), which manages a London hospital, failed to comply with the UK Data Protection Act 1998 in providing 1.6 million patient records to Google DeepMind (“DeepMind”), requiring the Royal Free to … Continue Reading

European Cloud in Health Advisory Council Calls For Review of eHealth Rules and Ethics of Medical Data Re-Use

In a new post on the Covington Digital Health blog, our colleagues discuss a new European Cloud in Health Advisory Council whitepaper calling for a review of European healthcare data protection rules holding back greater adoption of cloud computing and AI; and for more discussion about the ethics and governance of re-use of patient data for research and planning.  To read … Continue Reading

EU Organizations Call for More Support for Cloud Computing in Healthcare

The EU-U.S. Privacy Shield’s recent introduction has created an efficient mechanism to ensure that trans-Atlantic personal data flows are lawful.  With that in place, attention is now turning back to restrictions within the EU, particularly around hosting data in cloud computing services. European healthcare is particularly affected by such restrictions.  This has motivated a significant … Continue Reading

Obama Administration Releases Final Data Security Policy Principles and Framework for Its Precision Medicine Initiative

Last week, our colleague Shruti Barker published an article on the Inside Medical Devices Blog, discussing eight data security principles that companies participating in the Precision Medicine Initiative should aim to meet.  The Administration’s guidance document additionally recommends a basic framework that organizations collecting, storing, and sharing patient information should adopt as current best practices.  The … Continue Reading

UK Government Launches Cybersecurity Service For Healthcare Organizations

The UK government has announced a new national service providing expert cybersecurity advice to entities within the National Health Service (NHS) and the UK’s broader healthcare system.  The project, called CareCERT (Care Computing Emergency Response Team), is aiming for a full go-live in January 2016. … Continue Reading

HHS Releases New Tool to Assist with HIPAA Risk Assessments

On March 28, HHS released new resources on risk analysis requirements under the HIPAA Security Rule.  The HIPAA Security Rule governs how electronic individually identifiable health information is maintained by covered entities and business associates.  In short, it requires covered entities and business associates to implement certain physical, administrative, and technical safeguards to protect the … Continue Reading

HHS Publishes Standards for Health Care Electronic Funds Transfers and Remittance Advice

The Department of Health and Human Services (HHS) recently published an interim final rule with comment period entitled “Administrative Simplification: Adoption of Standards for Health Care Electronic Funds Transfers (EFTs) and Remittance Advice.”  The rule establishes streamlined standards for the format and content of transmissions that health plans send to financial institutions when making electronic funds … Continue Reading

Minnesota AG Files First HIPAA Enforcement Action Against Business Associate

Last month, the Minnesota Attorney General filed a lawsuit in federal court against Accretive Health, Inc. alleging that the company violated various provisions of HIPAA as well as Minnesota consumer privacy and protection law.  Although HIPAA-covered entities have been the subject of enforcement actions by state AGs and the Department of Health and Human Services, … Continue Reading

Senate Hearings Focus on Lack of HIPAA Enforcement, Final HITECH Rule

The Senate Judiciary Subcommittee on Privacy, Technology, and Law recently held a hearing to discuss federal enforcement of the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act, entitled “Your Health and Your Privacy: Protecting Health Information in a Digital World.” In that hearing, Subcommittee … Continue Reading

ONC Proposes Nationwide Survey on EHR Privacy, Security

The Office of the National Coordinator for Health Information Technology (ONC) is proposing to conduct a nationwide survey regarding consumer attitudes toward the privacy and security aspects of electronic health records (EHR) and electronic health information exchange, according to a notice in last Thursday’s Federal Register. ONC’s plan is to use computer-assisted telephone interviews to … Continue Reading

OIG Urges Inclusion of General IT Security Controls in HIT Standards

By Anna Kraus & Rachel Grunberger As we reported previously, the Department of Health and Human Services (HHS) Office of Inspector General (OIG) recently issued two reports that highlight continuing concerns over how best to ensure the privacy and security of electronic health information.  Earlier this week, we provided more detail on the OIG’s report … Continue Reading

OIG Criticizes HHS Oversight of the HIPAA Security Rule, Data Security Controls in Health IT Standards

By Anna Kraus and Rachel Grunberger Last week, the Office of Inspector General (OIG) within the Department of Health and Human Services (HHS) issued two audit reports regarding federally mandated data security measures for health information.  Both reports are highly critical of HHS’s efforts to protect the security of electronic health information. In the first … Continue Reading

ONC Seeks Public Comment on Federal Health IT Strategic Plan

The Office of the National Coordinator for Health Information Technology (ONC) is requesting public comment on its Federal Health Information Technology Strategic Plan: 2011-2015.  ONC updated the Plan (last published in 2008) to reflect the major changes to health IT policy contained in the HITECH Act and the Affordable Care Act.  The Plan, which reflects … Continue Reading

Privacy in a Health IT World

The President’s Council of Advisors on Science and Technology recently released a report entitled, “Realizing the Full Potential of Health Information Technology to Improve Healthcare for Americans: The Path Forward.”  It is a wonkish discourse on the future of health information technology.  The report offers an interesting glimpse at what may be the next, next … Continue Reading
LexBlog