Data Privacy

On 1 July 2024, Germany has enacted stricter requirements for the processing of health data when using cloud-computing services. The new Section 393 SGB V aims to establish a uniform standard for the use of cloud-computing services in the statutory healthcare system which covers around 90% of the German population. In this blog

Continue Reading Germany enacts stricter requirements for the processing of Health Data using Cloud-Computing – with potential side effects for Medical Research with Pharmaceuticals and Medical Devices

This update focuses on how growing quantum sector investment in the UK and US is leading to the development and commercialization of quantum computing technologies with the potential to revolutionize and disrupt key sectors.  This is a fast-growing area that is seeing significant levels of public and private investment activity.  We take a look at how approaches differ in the UK and US, and discuss how a concerted, international effort is needed both to realize the full potential of quantum technologies and to mitigate new risks that may arise as the technology matures.

Quantum Computing

Quantum computing uses quantum mechanics principles to solve certain complex mathematical problems faster than classical computers.  Whilst classical computers use binary “bits” to perform calculations, quantum computers use quantum bits (“qubits”).  The value of a bit can only be zero or one, whereas a qubit can exist as zero, one, or a combination of both states (a phenomenon known as superposition) allowing quantum computers to solve certain problems exponentially faster than classical computers. 

The applications of quantum technologies are wide-ranging and quantum computing has the potential to revolutionize many sectors, including life-sciences, climate and weather modelling, financial portfolio management and artificial intelligence (“AI”).  However, advances in quantum computing may also lead to some risks, the most significant being to data protection.  Hackers could exploit the ability of quantum computing to solve complex mathematical problems at high speeds to break currently used cryptography methods and access personal and sensitive data. 

This is a rapidly developing area that governments are only just turning their attention to.  Governments are focusing not just on “quantum-readiness” and countering the emerging threats that quantum computing will present in the hands of bad actors (the US, for instance, is planning the migration of sensitive data to post-quantum encryption), but also on ramping up investment and growth in quantum technologies. Continue Reading Quantum Computing: Developments in the UK and US

In early March 2024, the EU lawmakers reached agreement on the European Health Data Space (EHDS).  For now, we only have a work-in-progress draft version of the text, but a number of interesting points can already be highlighted. This article focuses on the implications for “wellness applications” and medical devices; for an overview of the EHDS generally, see our first post in this series.

The final text of the EHDS was adopted by the European Parliament on 24 April 2024 and is expected to be formally adopted by the European Council in the coming months.Continue Reading EHDS Series – 4: The European Health Data Space’s Implications for “Wellness Applications” and Medical Devices

Innovative digital solutions intended to address health issues typically experienced by women have been an area of increased focus.  Ranging from reproductive-related mobile applications to AI-enabled breast cancer screening devices, digital solutions for women+ health show promise to serve an enormous market with medical needs that have often failed to

Continue Reading 5 Reasons Digital Solutions for Women+ Health Will Grow in 2023

On Wednesday, October 6th, Governor Gavin Newsom signed SB 41, the Genetic Information Privacy Act, which expands genetic privacy protections for consumers in California, including those interacting with direct-to-consumer (“DTC”) genetic testing companies.  In a recent Covington Digital Health blog post, our colleagues discussed SB 41 and the growing
Continue Reading California Governor Signs Legislation to Expand Genetic Privacy Protections After Last Year’s Veto

Last Friday, October 1, the Protecting DNA Privacy Act (HB 833), a new genetic privacy law, went into effect in the state of Florida establishing four new crimes related to the unlawful use of another person’s DNA.  While the criminal penalties in HB 833 are notable, Florida is
Continue Reading Newly Effective Florida Law Imposing Criminal Sanctions Adds to Developing Nationwide Patchwork of State Genetic Privacy Laws

The Federal Trade Commission (“FTC”) announced this month a proposed settlement against Flo Health, Inc. (“Flo”), the developer of popular menstrual cycle and fertility-tracking application (the “Flo App”), resolving allegations that “the company shared the health information of users with outside data analytics providers after promising that such information would be kept private.”  The proposed settlement requires Flo, among other things, to obtain review by an “independent third-party professional” of its privacy practices, obtain users’ consent before sharing their health information, alert users whose data was disclosed, and require third-parties that previously received that data to destroy it.
Continue Reading FTC Reaches Settlement with Digital Health App, Requires First Notice of Privacy Action

On 11 November 2020, the European Data Protection Board (“EDPB”) issued two draft recommendations relating to the rules on how organizations may lawfully transfer personal data from the EU to countries outside the EU (“third countries”).  These draft recommendations, which are non-final and open for public consultation until 30 November 2020, follow the EU Court of Justice (“CJEU”) decision in Case C-311/18 (“Schrems II”).  (For a more in-depth summary of the CJEU decision, please see our blog post here and our audiocast here. The EDPB also published on 24 July 2020 FAQs on the Schrems II decision here).

The two recommendations adopted by the EDPB are:

Continue Reading EDPB adopts recommendations on international data transfers following Schrems II decision

Our colleagues at the Inside Privacy blog have summarized a proposed bill in California (the Genetic Information Privacy Act) that would impose certain privacy obligations on direct-to-consumer genetic testing companies that go beyond the California Consumer Privacy Act.  This summary may be of interest to entities that process genetic data
Continue Reading California Legislature Advances Privacy Legislation

Public-health researchers, officials and medical professionals rely on data to track outbreaks, advance research, and evaluate prospective treatments. One critical source of patient data comes from electronic health records (EHRs).  EHR data in the U.S. has traditionally been siloed within hospital IT systems, but the federal government and key healthcare
Continue Reading EHR Interoperability: Public Health Benefits & Privacy Considerations