Health Data

On September 15, the Federal Trade Commission (“FTC”) and U.S. Department of Health and Human Services (“HHS”) announced an updated joint publication describing the privacy and security laws and rules that impact consumer health data.  Specifically, the “Collecting, Using, or Sharing Consumer Health Information? Look to HIPAA, the FTC Act, and the Health Breach Notification Rule” guidance provides an overview of the Health Insurance Portability and Accountability Act, as amended, and the implementing regulations issued by HHS (collectively “HIPAA”); the FTC Act; and the FTC’s Health Breach Notification Rule (“HBNR”) and how they may apply to businesses.  This joint guidance follows a recent surge of FTC enforcement in the health privacy space.  We offer a high level summary of the requirements flagged by the guidance.

Continue Reading FTC and HHS Announce Updated Health Privacy Publication

The NHS has issued guidance on effective data partnerships, this blog summarises key terms for parties looking to collaborate on data driven projects with the NHS.
Continue Reading NHS Data Partnerships Guide – unlocking the benefits of data partnerships

Hot on the heels of recent announcements from the U.S. Food and Drug Administration (see our prior blogs here), the European Medicines Agency (“EMA”) has joined the conversation on the use of Artificial Intelligence (“AI”) and Machine Learning (“ML”) technologies in the medicinal product lifecycle.

AI and ML have the potential to enhance every

On March 23, 2023, FDA released a Framework for the use of digital health technologies in drug and biological product development (the “DHT Framework”).  This DHT Framework is on the heels of a Discussion Paper the Agency released earlier this month on the use of artificial intelligence (AI) in drug manufacturing to seek public input

Innovative digital solutions intended to address health issues typically experienced by women have been an area of increased focus.  Ranging from reproductive-related mobile applications to AI-enabled breast cancer screening devices, digital solutions for women+ health show promise to serve an enormous market with medical needs that have often failed to get the level of attention

On September 28, the governor of California signed into law AB 2089, which expands the scope of California’s Confidentiality of Medical Information Act (“CMIA”) to cover mental health services that are delivered through digital health solutions and the associated health information generated from these services. 

Continue Reading California Expands the Scope of the CMIA to Cover Certain Digital Mental Health Services and Information

On June 23, 2022, the German Federal Office for Information Security (“Office”) published technical guidelines on security requirements for healthcare apps, including mobile apps, web apps, and background systems.  Although the technical guidelines are aimed at healthcare app developers, they contain useful guidance for developers of any app that processes or stores sensitive

On January 21, the Federal Trade Commission (“FTC”) announced new resources to help companies determine their obligations under the Health Breach Notification Rule (the “Rule”): the Health Breach Notification Rule: Basics for Business, which provides a quick introduction to the Rule, and Complying with FTC’s Health Breach Notification Rule (“Compliance Guidance”), a more in-depth compliance guidance.  These resources follow the FTC’s September 2021 Policy Statement, which expanded the Rule’s application to the developers of health apps, connected devices, and similar products, and similarly emphasize the FTC’s continued scrutiny of health technology.

Continue Reading FTC Releases New Health Breach Notification Rule Guidance, Targets Health Apps and Connected Devices

On Wednesday, October 6th, Governor Gavin Newsom signed SB 41, the Genetic Information Privacy Act, which expands genetic privacy protections for consumers in California, including those interacting with direct-to-consumer (“DTC”) genetic testing companies.  In a recent Covington Digital Health blog post, our colleagues discussed SB 41 and the growing patchwork of state genetic privacy

Last Friday, October 1, the Protecting DNA Privacy Act (HB 833), a new genetic privacy law, went into effect in the state of Florida establishing four new crimes related to the unlawful use of another person’s DNA.  While the criminal penalties in HB 833 are notable, Florida is not alone in its focus