Data Privacy

NHSX recently published “A Buyer’s Checklist for AI in Health and Care” (Guidance) that sets out 10 key questions which will be of use to parties deploying AI solutions or conducting data driven projects (in a health and care setting or otherwise).  For example, the Guidance highlights:

  • key data-related considerations, such

On April 2, 2020, the U.S. Department of Health and Human Services (“HHS”) issued a Notification of Enforcement Discretion (the “Notification”) regarding the disclosure of protected health information (“PHI”) to public health authorities and use of PHI to perform analytics for such authorities.  Designed to “facilitate uses and disclosures for public health and health oversight activities during this nationwide public health emergency,” the Notification relaxes HHS’s enforcement of certain provisions of the Privacy Rule issued  under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”).  More specifically, the Notification announces that, under certain circumstances, HHS will not impose penalties for violations of such provisions against covered health care providers and their business associates for the use and disclosure of PHI “by business associates for public health and health oversight activities” in connection with the COVID-19 nationwide public health emergency.
Continue Reading HHS Seeks to Facilitate Certain Uses and Disclosures of Health Data to Public Health and Health Oversight Agencies Amidst COVID-19 Nationwide Public Health Emergency

On March 20, the Federal Communications Commission (“FCC”) on its own motion released a Declaratory Ruling to confirm that the COVID-19 pandemic constitutes an “emergency” under the Telephone Consumer Protection Act (“TCPA”); as a consequence, hospitals, health care providers, state and local health officials, and other government officials may lawfully communicate through automated or prerecorded calls (which include text messages) information about the coronavirus and mitigation measures to mobile telephone numbers and certain other numbers (such as those of first responders) without “prior express consent.”
Continue Reading FCC Clarifies that COVID-19 “Emergency Purposes” Calls/Text are Not Subject to “Prior Express Consent” Requirement

On 19 February 2020, the European Commission presented its long-awaited strategies for data and AI.  These follow Commission President Ursula von der Leyen’s commitment upon taking office to put forward legislative proposals for a “coordinated European approach to the human and ethical implications of AI” within the new Commission’s first 100 days.  Although the papers published this week do not set out a comprehensive EU legal framework for AI, they do give a clear indication of the Commission’s key priorities and anticipated next steps.

The Commission strategies are set out in four separate papers—two on AI, and one each on Europe’s digital future and the data economy.  Read together, it is clear that the Commission seeks to position the EU as a digital leader, both in terms of trustworthy AI and the wider data economy.Continue Reading European Commission Presents Strategies for Data and AI (Part 1 of 4)

The Institute of Global Health Innovation at Imperial College London has published a report called “NHS data: Maximising its impact on the health and wealth of the United Kingdom” (the “Report”).[1] The Report begins from the premise that the knowledge gleaned from the combination of patient health data and “big data” technologies has incredible potential for “transformative …impact” on patient health, scientific advancement and the UK’s economy. However, the Report argues that the current efforts of scientists, medical professionals and the UK government to develop the UK’s capacities are not sufficiently coordinated to maximise that potential. To address this, the Report presents a single, high-level, strategic framework for the collection, governance and use of patient health data in the NHS.
Continue Reading New Report Recommends Putting Public Engagement at the Heart of NHS Health Data Strategy

Germany recently enacted a law that enables state health insurance schemes to reimburse costs related to the use of digital health applications (“health apps”), but the law requires the Federal Ministry of Health to first develop the reimbursement process for such apps.  Accordingly, on January 15, 2020, the German government published a draft regulation setting

On 13 August 2019, the European Commission opened a call for expression of interest to relaunch the eHealth Stakeholder Group with a view to supporting the “digital transformation of healthcare in the EU”. The eHealth Stakeholder Group was first launched in 2012 and in its first iteration (between 2012 and 2015), contributed to the development

On July 25, 2019, the UK’s Information Commissioner’s Office (“ICO”) published a blog on the trade-offs between different data protection principles when using Artificial Intelligence (“AI”).  The ICO recognizes that AI systems must comply with several data protection principles and requirements, which at times may pull organizations in different directions.  The blog identifies notable trade-offs that may arise, provides some practical tips for resolving these trade-offs, and offers worked examples on visualizing and mathematically minimizing trade-offs.

The ICO invites organizations with experience of considering these complex issues to provide their views.  This recent blog post on trade-offs is part of its on-going Call for Input on developing a new framework for auditing AI.  See also our earlier blog on the ICO’s call for input on bias and discrimination in AI systems here.Continue Reading ICO publishes blog post on AI and trade-offs between data protection principles

On July 16, 2019, the UK’s Information Commissioner’s Office (“ICO”) released a new draft Data sharing code of practice (“draft Code”), which provides practical guidance for organizations on how to share personal data in a manner that complies with data protection laws.  The draft Code focuses on the sharing of personal data between controllers, with a section referring to other ICO guidance on engaging processors.  The draft Code reiterates a number of legal requirements from the GDPR and DPA, while also including good practice recommendations to encourage compliance. The draft Code is currently open for public consultation until September 9, 2019, and once finalized, it will replace the existing Data sharing code of practice (“existing Code”).
Continue Reading ICO Launches Public Consultation on New Data Sharing Code of Practice

On June 10, 2019, the UK Government’s Digital Service and the Office for Artificial Intelligence released guidance on using artificial intelligence in the public sector (the “Guidance”).  The Guidance aims to provide practical guidance for public sector organizations when they implement artificial intelligence (AI) solutions.

The Guidance will be of interest to companies that provide AI solutions to UK public sector organizations, as it will influence what kinds of AI projects public sector organizations will be interested in pursuing, and the processes that they will go through to implement AI systems.  Because the UK’s National Health Service (NHS) is a public sector organization, this Guidance is also likely to be relevant to digital health service providers that are seeking to provide AI technologies to NHS organizations.

The Guidance consists of three sections: (1) understanding AI; (2) assessing, planning and managing AI; (3) using AI ethically and safely, as summarized below. The guidance also has links to summaries of examples where AI systems have been used in the public sector and elsewhere.Continue Reading UK Government’s Guide to Using AI in the Public Sector