The Department of Health and Human Services (HHS) recently published guidance on HIPAA requirements governing the use of cloud computing entities, specifically cloud services providers (CSPs). In this guidance, HHS explains that CSPs that create, receive, maintain, or transmit protected health information (PHI) on behalf of a covered entity or business associate are considered business … Continue Reading
Earlier this week the Government Accountability Office released a report critiquing the U.S. Department of Health and Humana Services’ (HHS) oversight of and guidance related to health information security and privacy. (The report is available here.) GAO cited the increasing incidence of hacking and other breaches, which affected over 113 million health records in 2015, … Continue Reading
The UK Government has opened a consultation, running until September 7, 2016, regarding how UK National Health Service (NHS) patient data should be safeguarded, and how it could be used for purposes other than direct care (e.g. scientific research). The consultation comes after two parallel-track reviews of information governance and data security arrangements in the … Continue Reading
Earlier this month the U.S. Department of Health and Human Services (HHS), Office of the National Coordinator for Health Information Technology (ONC), released a report to Congress highlighting “large gaps” in policies and oversight surrounding access to and security and privacy of health information held by certain “mHealth technologies” and “health social media.” mHealth technologies … Continue Reading
On March 27, 2016, New York became the first State to require electronic prescribing for both controlled and non-controlled substances and to provide for civil and criminal penalties for doctors failing to comply. Electronic prescribing means the patient no longer receives a paper prescription; rather, he or she chooses a pharmacy to which the electronic … Continue Reading
Earlier today, on the InsideMedicalDevices blog, our colleague Christopher Hanson posted a summary of the FDA’s recent issuance of draft guidance on “Postmarket Management of Cybersecurity in Medical Devices.” The release of the draft guidance coincided with the conclusion of a two-day public workshop hosted by the FDA entitled, “Moving Forward: Collaborative Approaches to Medical Device Cybersecurity.” You … Continue Reading
Last week, the chairmen and ranking members of the Senate Committee on Health, Education, Labor, and Pensions and the Senate Committee on Finance sent a letter to Andy Slavitt, Acting Administrator for the Centers for Medicare & Medicaid Services (“CMS”), and Jocelyn Samuels, Director of the Health and Human Services (“HHS”) Office for Civil Rights … Continue Reading
On November 2, 2015, the HHS Office of Inspector General (OIG) published its FY 2016 Work Plan, which summarizes new and ongoing activities that OIG plans to pursue with respect to HHS programs and operations during the fiscal year. The FY 2016 Work Plan includes a new review initiative to examine “whether FDA’s oversight of … Continue Reading
On October 20, 2015, the U.S. Food and Drug Administration (FDA) Center for Devices and Radiological Health (CDRH) released its top ten Regulatory Science Priorities for FY 2016 to facilitate improvements in the safety and effectiveness of medical devices and accelerate innovation. Several of the priorities would harness health information technology or health data to … Continue Reading
Earlier today, on the InsidePrivacy blog, our colleagues Mark Young and Phil Bradley-Schmieg posted a summary of the UK government’s announcement of a new national service providing expert cybersecurity advice to entities within the National Health Service (NHS) and the UK’s broader healthcare system. The project, called CareCERT (Care Computing Emergency Response Team), is aiming for a … Continue Reading
Last week, our colleague Libbie Cantor published a post on our InsidePrivacy blog regarding the Online Trust Alliance’s (OTA) release of a draft framework of best practices for Internet of Things device manufacturers and developers. This draft framework applies to, among other things, eHealth technology, such as wearable fitness and health technologies. The OTA is seeking comments on … Continue Reading
Earlier this week, our colleague Bianca Nunes published a post on cybersecurity risks with connected devices on Covington’s InsideMedicalDevices blog. This post describes the FDA’s increasing focus on promoting cybersecurity, as well as a draft practice guide for securing health records maintained on mobile devices published by the National Institute of Standards and Technology (NIST).… Continue Reading
The National Cybersecurity Center of Excellence (“NCCoE”) has released a draft for public comment of the first guide in a new series of publications “that will show businesses and other organizations how to improve their cybersecurity using standards-based, commercially available or open-source tools.” The guide discusses how to secure electronic health records on mobile devices. … Continue Reading
Last week, as part of our Life Sciences Essentials series, Covington hosted a webinar discussion of issues facing life sciences companies as they increasingly utilize cloud services to collect, aggregate, store and process data. The webinar is available here, and the slides can be viewed here. Panelists and topics included: Anna Kraus — HIPAA and … Continue Reading
A new study out by the Ponemon Institute finds that criminal attacks, rather than accidents or technological failures, are the leading cause of data breaches. The report finds that cyber-criminals are increasingly targeting health care providers and business associates for the vast amounts of personal data held by these entities, and that these attacks are … Continue Reading
Join Covington for a webinar discussion of issues facing life sciences companies as they increasingly utilize cloud services to collect, aggregate, store and process data as part of our Life Sciences Essentials series. May 13, 2015 12:30 p.m. – 2:00 p.m. EDT 9:30 a.m. – 11:00 a.m. PDT 4:30 p.m. – 6:00 p.m. GMT Click … Continue Reading
On January 13, 2015, Jocelyn Samuels, director of the Office of Civil Rights (OCR) at the U.S. Department of Health and Human Services, briefed reporters on the agency’s HIPAA enforcement priorities, noting a focus on threats to electronic health information, or ePHI. Samuels highlighted an increase in infiltration of computer networks reported under the breach … Continue Reading
This year’s State of the Union address included little explicit discussion of health IT, but did highlight two areas that could have significant implications for health IT: the President announced a new “Precision Medicine Initiative” and also urged Congress to pass legislation to combat cyber attacks and prevent identity theft. While the address was scant … Continue Reading
