Archives: Privacy

Subscribe to Privacy RSS Feed

Health Care Task Force Pre-Releases Report on Cybersecurity Days Before Ransomware Attack

Last week, the Health Care Industry Cybersecurity (HCIC) Task Force (the “Task Force”) published a pre-release copy of its report on improving cybersecurity in the health care industry.  The Task Force was established by Congress under the Cybersecurity Act of 2015.  The Task Force is charged with addressing challenges in the health care industry “when … Continue Reading

FDA Releases Draft Guidance on Dissemination of Patient-Specific Information by Device Manufacturers

Last month, the FDA released a draft guidance document on the sharing of patient-specific data associated with medical devices, including information recorded, stored, processed, retrieved, and/or derived from the device.  FDA noted that patients increasingly seek to play an active role in their own health care and that providing patients access to information regarding medical … Continue Reading

FDA Releases Draft Guidance on the Use of EHRs in Clinical Investigations

On May 17, 2016, FDA issued draft guidance encouraging clinical investigators to make their electronic data capture (“EDC”) systems interoperable with health care organizations’ electronic health records (“EHRs”).  Although EHRs are generally under the control of health care organizations and institutions (not FDA-regulated entities such as sponsors), when records are used in clinical investigations, FDA … Continue Reading

HHS Launches Portal Seeking Questions from Mobile Health Application Developers

On October 5, the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services launched a new platform to enable developers of mobile health technology, as well as others “interested in the intersection of health information technology and HIPAA privacy protection.” OCR notes that there is currently “an explosion of technology … Continue Reading

Multistakeholder Group Seeks Comment on Draft Framework for IoT Device Manufactures

Last week, our colleague Libbie Canter published a post on a draft framework for Internet of Things (IoT) device manufacturers.  This post describes the Online Trust Alliance’s draft framework for best practices for IoT manufacturers and developers, such as connected home devices and wearable fitness and health technologies.  The OTA is seeking comments on its draft framework … Continue Reading

Summary Report of European Commission’s mHealth Consultation Published

The European Commission has finally published its summary of 211 responses to its mobile health (“mHealth”) consultation.  The summary and original responses to the consultation have been made available on the Commission’s website at https://ec.europa.eu/digital-agenda/en/news/summary-report-public-consultation-green-paper-mobile-health The consultation covered a broad range of important issues for mHealth, including legal frameworks, privacy and data protection, patient safety, … Continue Reading

UK Data Protection Regulator Surveys Use of Smart Medical Devices

The UK Information Commissioner’s Office (ICO) has launched an informal survey of current practices relating to the use of data-enabled medical devices and apps. The short and anonymous survey explores whether organisations have put in place specific policies and procedures, asset registers, IT security requirements for medical device procurement policies, information governance and incident response … Continue Reading

FDA Launches OpenFDA To Ease Access to FDA Datasets — Which Creates Opportunities for Developers of Mobile Medical Apps

Last week, FDA launched openFDA­—its new, open government initiative.  Created in response to an executive order on transparency, openFDA will provide access to many of the agency’s health data sets.  FDA is encouraging developers of websites and mobile medical apps to process FDA’s health data so it is more useful for the public, clinicians, and … Continue Reading

Analyst Report Indicates that Health Care Organizations, Including Internet-connected Medical Devices, Are Vulnerable to Attack

A recent analyst report indicates that health care organizations and internet-connected medical devices are increasingly vulnerable to cyber-attacks. The Health Care Cyberthreat Report was issued in February 2014 by the SANS Institute, which describes itself as a cooperative research and education organization that is a source of cybersecurity training, security certification, and research information.… Continue Reading

HHS OIG Releases Report on HIPAA Enforcement Efforts

Recently, the Office of Inspector General (OIG) at HHS released a report on the HIPAA enforcement efforts of HHS’s Office for Civil Rights (OCR).  Specifically, the OIG looked at whether OCR’s efforts to enforce HIPAA’s Security Rule were adequate.  The OIG’s findings may lead to increased enforcement efforts by OCR.… Continue Reading

Privacy Impact Assessments – Soon Compulsory for Companies in the Life Sciences Industry?

As discussed in our previous post on our sister blog Inside EU LifeSciences, Privacy Impact Assessments (PIAs) or data protection impact assessments used to be discussed in the context of specific technologies or industry sectors (see, for instance, the European Commission’s recommendations in relation to applications supported by radio-frequency identification (RFID) and the development of smart grids). However, … Continue Reading

New HIPAA Rule Brings New Requirements for Business Associates

On January 17, 2013, the U.S. Department of Health and Human Services (HHS) released its long-awaited final rule implementing the changes required by the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009.  The omnibus final rule (available here) modifies many of the obligations applicable to covered entities and business associates under … Continue Reading
LexBlog