Archives: Data Security

Top Tips and Traps for Cyber Insurance Buyers

Although the National Cybersecurity Awareness Month of October has come to a close, it is not too late for corporate counsel and risk managers to be thinking about cyber-risk insurance — an increasingly essential tool in the enterprise risk management toolkit. But a prospective policyholder purchasing cyber insurance for the first time may be hard … Continue Reading

Digital Health Checkup (Part Two): Key Commercial Questions When Contracting for Digital Health Solutions

In the second of a three-part series, Covington’s global cross-practice Digital Health team considers some additional key questions that companies across the life sciences, technology, and communications industries should be asking as they seek to fit together the regulatory and commercial pieces of the complex digital health puzzle. Key Commercial Questions When Contracting for Digital … Continue Reading

Digital Health Checkup: Key Questions Market Players Should Be Asking (Part One)

In the first of a three-part series, Covington’s global cross-practice Digital Health team answers key questions that companies across the life sciences, technology, and communications industries should be asking as they seek to fit together the regulatory and commercial pieces of the complex digital health puzzle. Key Regulatory Questions About Digital Health Solutions 1. What are … Continue Reading

Bar to Data Breach Litigation May Be Dropping; Implications for Digital Health Technologies

At the beginning of August, the D.C. Circuit found that the fact that a data breach has occurred and individual consumer information has been lost may constitute sufficient injury to confer standing on those individual victims at the pleading stage–irrespective of whether any stolen information has been misused. Specifically, Attias, et al. v. CareFirst, Inc., … Continue Reading

HHS Issues Guidance on HIPAA and Cloud Providers

The Department of Health and Human Services (HHS) recently published guidance on HIPAA requirements governing the use of cloud computing entities, specifically cloud services providers (CSPs). In this guidance, HHS explains that CSPs that create, receive, maintain, or transmit protected health information (PHI) on behalf of a covered entity or business associate are considered business … Continue Reading

GAO Recommends that HHS Strengthen Privacy and Security Guidance and Oversight

Earlier this week the Government Accountability Office released a report critiquing the U.S. Department of Health and Human Services’ (HHS) oversight of and guidance related to health information security and privacy. (The report is available here.) GAO cited the increasing incidence of hacking and other breaches, which affected over 113 million health records in 2015, … Continue Reading

UK Government Considering New Patient Data Security and Research Consent Standards, Sanctions

The UK Government has opened a consultation, running until September 7, 2016, regarding how UK National Health Service (NHS) patient data should be safeguarded, and how it could be used for purposes other than direct care (e.g. scientific research). The consultation comes after two parallel-track reviews of information governance and data security arrangements in the … Continue Reading

ONC Report to Congress Identifies Gaps in Oversight of Privacy and Security of mHealth Technologies and Health Social Media

Earlier this month the U.S. Department of Health and Human Services (HHS), Office of the National Coordinator for Health Information Technology (ONC), released a report to Congress highlighting “large gaps” in policies and oversight surrounding access to and security and privacy of health information held by certain “mHealth technologies” and “health social media.” mHealth technologies … Continue Reading

HHS Proposes Rule to Increase ONC Review and Oversight of Certified Health IT

The U.S. Department of Health and Human Services and the Office of the National Coordinator for Health Information Technology (ONC) recently proposed a rule to enhance ONC oversight and accreditation of health IT.  Under the rule, the ONC’s primary goal would be to work with health IT developers to remedy any non-conformities with certified health … Continue Reading

After Two-Day Workshop, CDRH Releases Postmarket Cybersecurity Draft Guidance

Earlier today, on the InsideMedicalDevices blog, our colleague Christopher Hanson posted a summary of the FDA’s recent issuance of draft guidance on “Postmarket Management of Cybersecurity in Medical Devices.”  The release of the draft guidance coincided with the conclusion of a two-day public workshop hosted by the FDA entitled, “Moving Forward: Collaborative Approaches to Medical Device Cybersecurity.”  You … Continue Reading

Senators Request Information from HHS About Medical Identity Theft Efforts

Last week, the chairmen and ranking members of the Senate Committee on Health, Education, Labor, and Pensions and the Senate Committee on Finance sent a letter to Andy Slavitt, Acting Administrator for the Centers for Medicare & Medicaid Services (“CMS”), and Jocelyn Samuels, Director of the Health and Human Services (“HHS”) Office for Civil Rights … Continue Reading

Report Outlines Plan for Precision Medicine Database

In a 107-page report, released last week, the White House set forth its plan to create and manage a database containing 1 million or more Americans’ medical records in furtherance of the Precision Medicine Initiative. As announced by President Obama during his 2015 State of the Union Address, the Precision Medicine Initiative was launched “to … Continue Reading

UK Government Launches Cybersecurity Service for Healthcare Organizations

Earlier today, on the InsidePrivacy blog, our colleagues Mark Young and Phil Bradley-Schmieg posted a summary of the UK government’s announcement of a new national service providing expert cybersecurity advice to entities within the National Health Service (NHS) and the UK’s broader healthcare system.  The project, called CareCERT (Care Computing Emergency Response Team), is aiming for a … Continue Reading

Multistakeholder Group Seeks Comment on Draft Framework for IoT Device Manufacturers

Last week, our colleague Libbie Cantor published a post on our InsidePrivacy blog regarding the Online Trust Alliance’s (OTA) release of a draft framework of best practices for Internet of Things device manufacturers and developers.  This draft framework applies to, among other things, eHealth technology, such as wearable fitness and health technologies.  The OTA is seeking comments on … Continue Reading

Cybersecurity Risks with Connected Devices

Earlier this week, our colleague Bianca Nunes published a post on cybersecurity risks with connected devices on Covington’s InsideMedicalDevices blog.  This post describes the FDA’s increasing focus on promoting cybersecurity, as well as a draft practice guide for securing health records maintained on mobile devices published by the National Institute of Standards and Technology (NIST).… Continue Reading

Comments Requested on Draft Guide on Securing Electronic Health Records on Mobile Devices

The National Cybersecurity Center of Excellence (“NCCoE”) has released a draft for public comment of the first guide in a new series of publications “that will show businesses and other organizations how to improve their cybersecurity using standards-based, commercially available or open-source tools.” The guide discusses how to secure electronic health records on mobile devices. … Continue Reading

Department of Defense Contract To Overhaul Electronic Health Records System

The Department of Defense (DOD) is expected to select a contractor sometime this summer to modernize its electronic health records (EHR) system. The DOD’s $11 billion Healthcare Management Systems Modernization Electronic Health Record program will replace the agency’s existing EHR system, which supports more than 9.7 million beneficiaries, including active duty personnel, retirees, and their … Continue Reading

May 2015 EU mHealth Round-Up

May 2015 saw a number of developments in the EU mHealth sector worthy of a brief mention.  The European Commission announced that it would work on new guidance for mHealth apps, despite the European Data Protection Supervisor and British Standards Institution publishing their own just weeks earlier.  In parallel, the French data protection authority announced … Continue Reading

Moving to the Cloud: Privacy and Other Key Considerations for Healthcare Entities

Last week, as part of our Life Sciences Essentials series, Covington hosted a webinar discussion of issues facing life sciences companies as they increasingly utilize cloud services to collect, aggregate, store and process data. The webinar is available here, and the slides can be viewed here. Panelists and topics included: Anna Kraus — HIPAA and … Continue Reading

Cyber Attacks on Health Data Increasing, Primary Cause of Data Breaches, Group Finds

A new study out by the Ponemon Institute finds that criminal attacks, rather than accidents or technological failures, are the leading cause of data breaches. The report finds that cyber-criminals are increasingly targeting health care providers and business associates for the vast amounts of personal data held by these entities, and that these attacks are … Continue Reading

Webinar Invite: Moving to the Cloud: Privacy and Other Key Considerations for Healthcare Entities

Join Covington for a webinar discussion of issues facing life sciences companies as they increasingly utilize cloud services to collect, aggregate, store and process data as part of our Life Sciences Essentials series. May 13, 2015 12:30 p.m. – 2:00 p.m. EDT 9:30 a.m. – 11:00 a.m. PDT 4:30 p.m. – 6:00 p.m. GMT Click … Continue Reading

Moving to the Cloud: Some Key Considerations for Healthcare Entities

Healthcare providers, health plans, and other entities are increasingly utilizing cloud services to collect, aggregate, store and process data.  A recent report by IDC Health Insights suggests that 80 percent of healthcare data is expected to pass through the cloud by 2020.  As a substantial amount of healthcare data comprises “personal information” or “protected health … Continue Reading