Tag Archives: Health Privacy

European Cloud in Health Advisory Council Calls For Review of eHealth Rules and Ethics of Medical Data Re-Use

In a new post on the Covington Digital Health blog, our colleagues discuss a new European Cloud in Health Advisory Council whitepaper calling for a review of European healthcare data protection rules holding back greater adoption of cloud computing and AI; and for more discussion about the ethics and governance of re-use of patient data for research and planning.  To read … Continue Reading

Irish Data Protection Commissioner Releases 2016 Annual Report

By Denitsa Marinova On April 11, 2017, the Data Protection Commissioner of Ireland (DPC) published her annual report for 2016, highlighting key developments and activities for the past year and outlining priorities for 2017 and beyond.  The report will be of interest to Irish entities and multinational organizations with a base in Ireland, including companies … Continue Reading

EU Organizations Call for More Support for Cloud Computing in Healthcare

The EU-U.S. Privacy Shield’s recent introduction has created an efficient mechanism to ensure that trans-Atlantic personal data flows are lawful.  With that in place, attention is now turning back to restrictions within the EU, particularly around hosting data in cloud computing services. European healthcare is particularly affected by such restrictions.  This has motivated a significant … Continue Reading

UK Government Considering New Patient Data Security and Research Consent Standards, Sanctions

A new post on the Covington eHealth blog reports that the UK government is running a consultation around NHS patient data security standards and a new legal framework for secondary uses (e.g. research) of patient data.  To find out more about the proposals and the consultation, please click here.… Continue Reading

FDA Releases Draft Guidance on Dissemination of Patient-Specific Information by Device Manufacturers

Last month, the FDA released a draft guidance document on the sharing of patient-specific data associated with medical devices, including information recorded, stored, processed, retrieved, and/or derived from the device.  A new post on Covington’s Inside Medical Devices blog discusses the draft guidance and its implications for sharing patient information.… Continue Reading

EU Cyber Security Directive To Enter Into Force In August

The EU Network and Information Security (NIS) Directive now looks likely to enter into force in August of this year.  Member States will then have 21 months to implement it into national law before the new security and incident notification obligations will start to apply to the following entities: designated* “operators of essential services” within … Continue Reading

SAMHSA Proposes Changes to Confidentiality Rules

On Tuesday, February 9, the Substance Abuse and Mental Health Services Administration (SAMHSA) published a proposed rule to update regulations at 42 C.F.R. Part 2 that protect the confidentiality of alcohol and drug abuse patient records.  The regulations were originally promulgated in 1975 and last substantively updated in 1987.  SAMHSA intends for these updates to … Continue Reading

FTC Releases Agenda for First-Ever PrivacyCon

On Tuesday, the FTC announced the agenda for PrivacyCon, which is being billed as a “first-of-its-kind event” that will facilitate discussions between researchers and academics about privacy and security.  The FTC also released abstracts for the research that will be presented at the conference, scheduled for January 14.  PrivacyCon follows a call from the FTC … Continue Reading

Administrative Law Judge Dismisses FTC’s LabMD Complaint, Finding Insufficient Evidence of “Substantial Injury” to Consumers

On Friday, November 13, Federal Trade Commission (FTC) Chief Administrative Law Judge Chappell issued an Initial Decision dismissing the FTC’s complaint against LabMD, on the ground that the Commission’s staff had failed to carry its burden of demonstrating a “likely substantial injury” to consumers resulting from LabMD’s allegedly “unfair” data security practices. While Judge Chappell’s … Continue Reading

UK Government Launches Cybersecurity Service For Healthcare Organizations

The UK government has announced a new national service providing expert cybersecurity advice to entities within the National Health Service (NHS) and the UK’s broader healthcare system.  The project, called CareCERT (Care Computing Emergency Response Team), is aiming for a full go-live in January 2016. … Continue Reading

Proposed Rule Would Amend Federal “Common Rule” Requirements

On September 8, 2015, sixteen federal agencies published a long-awaited Notice of Proposed Rulemaking (NPRM) to modernize the Federal Policy for the Protection of Human Subjects, known as the “Common Rule.” The proposal, available here, includes a number of changes related to privacy and data security and other changes relevant to entities seeking to conduct … Continue Reading

May 2015 EU mHealth Round-Up

May 2015 saw a number of developments in the EU mHealth sector worthy of a brief mention.  The European Commission announced that it would work on new guidance for mHealth apps, despite the European Data Protection Supervisor and British Standards Institution publishing their own just weeks earlier.  In parallel, the French data protection authority announced … Continue Reading

HHS Updates Health Data Privacy and Security Guide

The  Office of the National Coordinator for Health Information (ONC) recently released an updated Guide to Privacy and Security of Electronic Health Information.  The guide aims to help individuals, providers, and the health IT community understand the role of HIPAA for interoperability of health information. This guide updates the previous version issued by the ONC … Continue Reading

Article 29 Working Party Clarifies Scope of Health Data in Apps and Devices

The Article 29 Data Protection Working Party (Working Party), an independent EU advisory body on data protection and privacy, responded to a request from the European Commission made in the framework of the Commission’s  mHealth initiative to clarify the definition of data concerning health in relation to lifestyle and wellbeing apps.  (See more here, and here … Continue Reading

Anthem Insurance Set to Brief Congress Two Days after Disclosing Cyber Attack

Just two days after disclosing publicly that it was “the target of a very sophisticated external cyber attack” in which the personal information of over 80 million customers was compromised, officials of Anthem Inc., the nation’s second largest health insurance company, are to brief staffers of the House Energy and Committee on the security breach.  … Continue Reading

HIPAA 2015 Enforcement Priorities Highlight Cyber Threats, But Timing of HIPAA Compliance Audits Still Uncertain

On January 13, 2015, Jocelyn Samuels, director of the Office of Civil Rights (OCR) at the U.S. Department of Health and Human Services, briefed reporters on the agency’s HIPAA enforcement priorities, noting a focus on threats to electronic health information, or ePHI.  For more information about the briefing, visit Covington’s eHealth blog.… Continue Reading

New California Health Privacy Law Goes into Effect

Many individuals are covered by health insurance but are not the policy holders for that coverage (e.g., the policy holder is a spouse or parent of the covered individual).  Routine communications sent by insurers, such as explanation of benefit letters or denial of claims notices, are often sent to the policy holder and may contain … Continue Reading

Client Event – Cyber Security Series, ‘Mitigating Information Loss in the Healthcare Industry: the Insider Threat’

Please note that this event, originally scheduled for December 10, is being rescheduled for February 2015 – date TBC Covington’s London office will be hosting a breakfast seminar for clients on ‘Mitigating Information Loss in the Healthcare Industry: the Insider Threat’ with The Chertoff Group.… Continue Reading

GAO Report Outlines Healthcare.gov’s Ongoing Privacy Issues

By Randall Friedland According to a GAO report published September 16th, Healthcare.gov, the health insurance exchange rolled out last October, still has significant privacy weaknesses. Specifically, the report outlined that despite the Centers for Medicare & Medicaid Services’ (CMS) efforts to increase the security and privacy of data that it processes, maintains, and shares with … Continue Reading

Ten Key Take-Aways From the White House Big Data Report

On Thursday, the White House Big Data Working Group, led by senior presidential advisor John Podesta, released a 79-page report that outlines a number of key observations and recommendations for privacy in both the private sector and government.  Although the report does not create binding law, it provides insight into the administration’s  priorities on a … Continue Reading

HHS Releases New Tool to Assist with HIPAA Risk Assessments

On March 28, HHS released new resources on risk analysis requirements under the HIPAA Security Rule.  The HIPAA Security Rule governs how electronic individually identifiable health information is maintained by covered entities and business associates.  In short, it requires covered entities and business associates to implement certain physical, administrative, and technical safeguards to protect the … Continue Reading

FTC Announces Settlement With Accretive Health Over Data Breach

The Federal Trade Commission (FTC) recently announced a settlement with Accretive Health, Inc., a provider of medical billing and revenue management services to hospitals.  The FTC’s complaint alleged that Accretive failed to provide reasonable and appropriate security for consumers’ personal information, and this failure constituted an unfair act or practice in violation of Section 5 … Continue Reading

House Republicans Signal Push for Data Breach Legislation

In the wake of the recent Target Corp. credit card data breach, Congress is once again turning its attention to data breach legislation. In a memorandum to Republican lawmakers on January 2, House Majority Leader Eric Cantor (R-Va.) stated that he intends to schedule legislation on security and breach notification requirements for federally facilitated healthcare … Continue Reading
LexBlog