On 15 January 2025, the European Commission published an action plan on the cybersecurity of hospitals and healthcare providers (the “Action Plan”). The Action Plan sets out a series of EU-level actions that are intended to better protect the healthcare sector from cyber threats. The publication of the Action Plan follows a number of high-profile incidents in recent years where healthcare providers across the European Union have been the target of cyber attacks.Continue Reading European Commission Publishes Action Plan on Cybersecurity of Hospitals and Healthcare Providers
Biden Administration Rulemakings at Risk for Congressional Review Act Cancellation in New Congress
In a new post on the Inside Privacy blog, our colleagues discuss the potential risk for Congressional Review Act (CRA) cancellation of Biden Administration rulemakings under the newly assembled 119th Congress.
Continue Reading Biden Administration Rulemakings at Risk for Congressional Review Act Cancellation in New CongressHHS Issues Notice of Proposed Rulemaking to Update the HIPAA Security Rule
On January 6, 2025, the U.S. Department of Health and Human Services Office for Civil Rights (OCR) issued a notice of proposed rulemaking (the “proposed rule”), which proposes a number of significant updates to the HIPAA Security Rule. According to OCR’s announcement, the proposed rule seeks to “improve cybersecurity and better protect the U.S. health care system from a growing number of cyberattacks” and “better align the Security Rule with modern best practices in cybersecurity.” The preamble states that the proposed rule seeks to address common areas of non-compliance with the Security Rule identified by OCR in its recent investigations, as well as build on recommendations from the National Committee on Vital Health Statistics and guidelines and best practices recommended by other parts of the government, such as the Cybersecurity and Infrastructure Security Agency (CISA) and the National Institute of Standards and Technology (NIST).
Below, we provide a brief summary of the proposed changes. The proposed rule is open for comment until March 7, 2025.Continue Reading HHS Issues Notice of Proposed Rulemaking to Update the HIPAA Security Rule
Germany enacts stricter requirements for the processing of Health Data using Cloud-Computing – with potential side effects for Medical Research with Pharmaceuticals and Medical Devices
On 1 July 2024, Germany has enacted stricter requirements for the processing of health data when using cloud-computing services. The new Section 393 SGB V aims to establish a uniform standard for the use of cloud-computing services in the statutory healthcare system which covers around 90% of the German population. In this blog
Continue Reading Germany enacts stricter requirements for the processing of Health Data using Cloud-Computing – with potential side effects for Medical Research with Pharmaceuticals and Medical Devices
Quantum Computing: Developments in the UK and US
This update focuses on how growing quantum sector investment in the UK and US is leading to the development and commercialization of quantum computing technologies with the potential to revolutionize and disrupt key sectors. This is a fast-growing area that is seeing significant levels of public and private investment activity. We take a look at how approaches differ in the UK and US, and discuss how a concerted, international effort is needed both to realize the full potential of quantum technologies and to mitigate new risks that may arise as the technology matures.
Quantum Computing
Quantum computing uses quantum mechanics principles to solve certain complex mathematical problems faster than classical computers. Whilst classical computers use binary “bits” to perform calculations, quantum computers use quantum bits (“qubits”). The value of a bit can only be zero or one, whereas a qubit can exist as zero, one, or a combination of both states (a phenomenon known as superposition) allowing quantum computers to solve certain problems exponentially faster than classical computers.
The applications of quantum technologies are wide-ranging and quantum computing has the potential to revolutionize many sectors, including life-sciences, climate and weather modelling, financial portfolio management and artificial intelligence (“AI”). However, advances in quantum computing may also lead to some risks, the most significant being to data protection. Hackers could exploit the ability of quantum computing to solve complex mathematical problems at high speeds to break currently used cryptography methods and access personal and sensitive data.
This is a rapidly developing area that governments are only just turning their attention to. Governments are focusing not just on “quantum-readiness” and countering the emerging threats that quantum computing will present in the hands of bad actors (the US, for instance, is planning the migration of sensitive data to post-quantum encryption), but also on ramping up investment and growth in quantum technologies. Continue Reading Quantum Computing: Developments in the UK and US
FDA Announces Workshop on AI Used In Drug & Biological Product Development
FDA recently announced that it will host a public workshop on August 6, 2024 focused on “Artificial Intelligence (AI) in Drug & Biological Product Development.” Aimed at bringing drug sponsors and AI experts together, the workshop, hosted in collaboration with the Clinical Trials Transformation Initiative, will feature presentations and a
Continue Reading FDA Announces Workshop on AI Used In Drug & Biological Product Development
UK MHRA Announces Intention To Recognize Certain International Approvals For Certain Medical Devices
On May 21, 2024, the UK Medicines and Healthcare products Regulatory Agency (“MHRA”) published a statement of policy intent for UK recognition of international regulatory approvals of certain medical devices (the “Statement”). The Statement follows the Government response to the 2021 consultation on the future regulation of medical devices in the UK that details an intention to introduce alternative routes to market for medical devices, such as utilizing approvals from other countries and Medical Device Single Audit Program (“MDSAP”) certificates, in addition to the current UK Conformity Assessed (“UKCA”) marking process.
The MHRA has already taken similar steps in the medicines space, adopting a new International Recognition Procedure (“IRP”) in January 2024.
In relation to devices, the Statement applies to certain medical devices placed on the market in Great Britain. For relevant devices, the MHRA proposes to recognize foreign approvals from regulators in Australia, Canada, EU/EEA and USA (which is a smaller number of acceptable regulators than under the MHRA’s IRP for medicines). The Statement expressly excludes a number of medical devices from international recognition, including software as a medical device (“SaMD”) (including AI as a medical device (“AIaMD”)) and companion diagnostic products approved via US 510(k) (a route which relies on equivalence to a predicate).
The proposed framework is a draft and the final version is expected to come into force in 2025 at the same time as future core regulations. It also remains the government’s intention to introduce transitional arrangements for UKCA marked devices at the same time.Continue Reading UK MHRA Announces Intention To Recognize Certain International Approvals For Certain Medical Devices
FTC Issues Final Rule to Expand Scope of the Health Breach Notification Rule
On Friday, April 26, 2024, the Federal Trade Commission (“FTC”) voted 3-2 to issue a final rule (the “final rule”) that expands the scope of the Health Breach Notification Rule (“HBNR”) to apply to health apps and similar technologies and broadens what constitutes a breach of security, among other updates. We previously covered the proposed rule, which was issued on May 18, 2023.Continue Reading FTC Issues Final Rule to Expand Scope of the Health Breach Notification Rule
MHRA Outlines New Strategic Approach to Artificial Intelligence
On April 30, 2024, the UK Medicines and Healthcare products Regulatory Agency (“MHRA”) outlined its strategic approach (“Approach”) to artificial intelligence (“AI”). The Approach is a response to the UK Government’s white paper: a pro-innovation approach to AI regulation and subsequent Secretary of State letter of 1 February 2024, and is the culmination of 12 months’ work by the MHRA to ensure the risks of AI are appropriately balanced with the potential transformative impact of AI in healthcare.
AI in Healthcare
AI has the potential to revolutionize the healthcare sector and improve health outcomes at every stage of healthcare provision – from preventative care through to diagnosis and treatment. AI can help in research and development by strengthening outcomes of clinical trials, as well as being used to improve the clinical care of patients by personalizing care, improving diagnosis and treatment, enhancing the delivery of care and health system efficiency, and supplementing healthcare professionals’ knowledge, skills and competencies. Continue Reading MHRA Outlines New Strategic Approach to Artificial Intelligence
EHDS Series – 5: European Health Data Space Governance, Enforcement and Timelines
In March 2024, the EU lawmakers reached agreement on the European Health Data Space (EHDS). Although the text has not yet been formally adopted by all the European institutions, a number of interesting points can already be highlighted. This article focuses on the governance and enforcement of the EHDS; for an overview of the EHDS generally, see our first post in this series.
The final text of the EHDS was adopted by the European Parliament on 24 April 2024 and is expected to be formally adopted by the European Council in the coming months.Continue Reading EHDS Series – 5: European Health Data Space Governance, Enforcement and Timelines