On May 13, 2025, the Centers for Medicare & Medicaid Services (CMS) and the Department of Health and Human Services’ Office of the Assistant Secretary for Technology Policy/Office of the National Coordinator for Health Information Technology (ASTP/ONC) announced a request for information seeking stakeholder input on the market of digital

Continue Reading CMS & HHS Health IT Office Issue Request for Information on Digital Health Products and Health Technology Infrastructure

On 15 January 2025, the European Commission published an action plan on the cybersecurity of hospitals and healthcare providers (the “Action Plan”). The Action Plan sets out a series of EU-level actions that are intended to better protect the healthcare sector from cyber threats. The publication of the Action Plan follows a number of high-profile incidents in recent years where healthcare providers across the European Union have been the target of cyber attacks.Continue Reading European Commission Publishes Action Plan on Cybersecurity of Hospitals and Healthcare Providers

In a new post on the Inside Privacy blog, our colleagues discuss the potential risk for Congressional Review Act (CRA) cancellation of Biden Administration rulemakings under the newly assembled 119th Congress.

Continue Reading Biden Administration Rulemakings at Risk for Congressional Review Act Cancellation in New Congress

On January 6, 2025, the U.S. Department of Health and Human Services Office for Civil Rights (OCR) issued a notice of proposed rulemaking (the “proposed rule”), which proposes a number of significant updates to the HIPAA Security Rule.  According to OCR’s announcement, the proposed rule seeks to “improve cybersecurity and better protect the U.S. health care system from a growing number of cyberattacks” and “better align the Security Rule with modern best practices in cybersecurity.” The preamble states that the proposed rule seeks to address common areas of non-compliance with the Security Rule identified by OCR in its recent investigations, as well as build on recommendations from the National Committee on Vital Health Statistics and guidelines and best practices recommended by other parts of the government, such as the Cybersecurity and Infrastructure Security Agency (CISA) and the National Institute of Standards and Technology (NIST).

Below, we provide a brief summary of the proposed changes. The proposed rule is open for comment until March 7, 2025.Continue Reading HHS Issues Notice of Proposed Rulemaking to Update the HIPAA Security Rule

On 1 July 2024, Germany has enacted stricter requirements for the processing of health data when using cloud-computing services. The new Section 393 SGB V aims to establish a uniform standard for the use of cloud-computing services in the statutory healthcare system which covers around 90% of the German population. In this blog

Continue Reading Germany enacts stricter requirements for the processing of Health Data using Cloud-Computing – with potential side effects for Medical Research with Pharmaceuticals and Medical Devices

This update focuses on how growing quantum sector investment in the UK and US is leading to the development and commercialization of quantum computing technologies with the potential to revolutionize and disrupt key sectors.  This is a fast-growing area that is seeing significant levels of public and private investment activity.  We take a look at how approaches differ in the UK and US, and discuss how a concerted, international effort is needed both to realize the full potential of quantum technologies and to mitigate new risks that may arise as the technology matures.

Quantum Computing

Quantum computing uses quantum mechanics principles to solve certain complex mathematical problems faster than classical computers.  Whilst classical computers use binary “bits” to perform calculations, quantum computers use quantum bits (“qubits”).  The value of a bit can only be zero or one, whereas a qubit can exist as zero, one, or a combination of both states (a phenomenon known as superposition) allowing quantum computers to solve certain problems exponentially faster than classical computers. 

The applications of quantum technologies are wide-ranging and quantum computing has the potential to revolutionize many sectors, including life-sciences, climate and weather modelling, financial portfolio management and artificial intelligence (“AI”).  However, advances in quantum computing may also lead to some risks, the most significant being to data protection.  Hackers could exploit the ability of quantum computing to solve complex mathematical problems at high speeds to break currently used cryptography methods and access personal and sensitive data. 

This is a rapidly developing area that governments are only just turning their attention to.  Governments are focusing not just on “quantum-readiness” and countering the emerging threats that quantum computing will present in the hands of bad actors (the US, for instance, is planning the migration of sensitive data to post-quantum encryption), but also on ramping up investment and growth in quantum technologies. Continue Reading Quantum Computing: Developments in the UK and US

FDA recently announced that it will host a public workshop on August 6, 2024 focused on “Artificial Intelligence (AI) in Drug & Biological Product Development.”  Aimed at bringing drug sponsors and AI experts together, the workshop, hosted in collaboration with the Clinical Trials Transformation Initiative, will feature presentations and a

Continue Reading FDA Announces Workshop on AI Used In Drug & Biological Product Development

On May 21, 2024, the UK Medicines and Healthcare products Regulatory Agency (“MHRA”) published a statement of policy intent for UK recognition of international regulatory approvals of certain medical devices (the “Statement”).  The Statement follows the Government response to the 2021 consultation on the future regulation of medical devices in the UK that details an intention to introduce alternative routes to market for medical devices, such as utilizing approvals from other countries and Medical Device Single Audit Program (“MDSAP”) certificates, in addition to the current UK Conformity Assessed (“UKCA”) marking process.

The MHRA has already taken similar steps in the medicines space, adopting a new International Recognition Procedure (“IRP”) in January 2024.

In relation to devices, the Statement applies to certain medical devices placed on the market in Great Britain.  For relevant devices, the MHRA proposes to recognize foreign approvals from regulators in Australia, Canada, EU/EEA and USA (which is a smaller number of acceptable regulators than under the MHRA’s IRP for medicines).  The Statement expressly excludes a number of medical devices from international recognition, including software as a medical device (“SaMD”) (including AI as a medical device (“AIaMD”)) and companion diagnostic products approved via US 510(k) (a route which relies on equivalence to a predicate).

The proposed framework is a draft and the final version is expected to come into force in 2025 at the same time as future core regulations.  It also remains the government’s intention to introduce transitional arrangements for UKCA marked devices at the same time.Continue Reading UK MHRA Announces Intention To Recognize Certain International Approvals For Certain Medical Devices

On Friday, April 26, 2024, the Federal Trade Commission (“FTC”) voted 3-2 to issue a final rule (the “final rule”) that expands the scope of the Health Breach Notification Rule (“HBNR”) to apply to health apps and similar technologies and broadens what constitutes a breach of security, among other updates.  We previously covered the proposed rule, which was issued on May 18, 2023.Continue Reading FTC Issues Final Rule to Expand Scope of the Health Breach Notification Rule