Health Data

On February 16, 2024, the U.S. Department of Health and Human Services (“HHS”) published a final rule to amend the Confidentiality of Substance Use Disorder (“SUD”) Patient Records regulations (“Part 2”) to more closely align Part 2 with the Health Insurance Portability and Accountability Act of 1996, as amended, and its implementing regulations (collectively, “HIPAA”) as required by Section 3221 of the 2020 Coronavirus Aid, Relief, and Economic Security Act (“CARES Act”).  We previously covered the proposed rule (hereinafter, “the NPRM”), which was issued on December 2, 2022.

The final rule, issued through the Office for Civil Rights (“OCR”) and the Substance Abuse and Mental Health Services Administration (“SAMHSA”), increases alignment between certain Part 2 requirements and HIPAA and it clarifies certain existing Part 2 permissions and restrictions to improve the ability of entities to use and disclose Part 2 records. According to HHS, this final rule will decrease burdens on patients and providers, improve coordination of care and access to care and treatment, and protect the confidentiality of treatment records.Continue Reading HHS Publishes Final Rule to Align Part 2 and HIPAA

On September 27, 2023, Governor Newsom signed AB 254 and AB 352, which both amend the California Confidentiality of Medical Information Act (“CMIA”).  Specifically, AB 254 expands the scope of the CMIA to expressly cover reproductive or sexual health services that are delivered through digital health solutions and the associated health information generated from these services.  AB 352 imposes new requirements on how electronic health record (“EHR”) systems must store medical information related to gender affirming care, abortion and related services, and contraception and the ability of providers of health care, health care service plans, contractors, or employers to disclose such information.Continue Reading California Enacts Amendments to the CMIA

On September 15, the Federal Trade Commission (“FTC”) and U.S. Department of Health and Human Services (“HHS”) announced an updated joint publication describing the privacy and security laws and rules that impact consumer health data.  Specifically, the “Collecting, Using, or Sharing Consumer Health Information? Look to HIPAA, the FTC Act, and the Health Breach Notification Rule” guidance provides an overview of the Health Insurance Portability and Accountability Act, as amended, and the implementing regulations issued by HHS (collectively “HIPAA”); the FTC Act; and the FTC’s Health Breach Notification Rule (“HBNR”) and how they may apply to businesses.  This joint guidance follows a recent surge of FTC enforcement in the health privacy space.  We offer a high level summary of the requirements flagged by the guidance.Continue Reading FTC and HHS Announce Updated Health Privacy Publication

The NHS has issued guidance on effective data partnerships, this blog summarises key terms for parties looking to collaborate on data driven projects with the NHS.
Continue Reading NHS Data Partnerships Guide – unlocking the benefits of data partnerships

Hot on the heels of recent announcements from the U.S. Food and Drug Administration (see our prior blogs here), the European Medicines Agency (“EMA”) has joined the conversation on the use of Artificial Intelligence (“AI”) and Machine Learning (“ML”) technologies in the medicinal product lifecycle.

AI and ML have the potential to enhance every

On March 23, 2023, FDA released a Framework for the use of digital health technologies in drug and biological product development (the “DHT Framework”).  This DHT Framework is on the heels of a Discussion Paper the Agency released earlier this month on the use of artificial intelligence (AI) in drug manufacturing to seek public input

Innovative digital solutions intended to address health issues typically experienced by women have been an area of increased focus.  Ranging from reproductive-related mobile applications to AI-enabled breast cancer screening devices, digital solutions for women+ health show promise to serve an enormous market with medical needs that have often failed to get the level of attention

On September 28, the governor of California signed into law AB 2089, which expands the scope of California’s Confidentiality of Medical Information Act (“CMIA”) to cover mental health services that are delivered through digital health solutions and the associated health information generated from these services. Continue Reading California Expands the Scope of the CMIA to Cover Certain Digital Mental Health Services and Information

On June 23, 2022, the German Federal Office for Information Security (“Office”) published technical guidelines on security requirements for healthcare apps, including mobile apps, web apps, and background systems.  Although the technical guidelines are aimed at healthcare app developers, they contain useful guidance for developers of any app that processes or stores sensitive

On January 21, the Federal Trade Commission (“FTC”) announced new resources to help companies determine their obligations under the Health Breach Notification Rule (the “Rule”): the Health Breach Notification Rule: Basics for Business, which provides a quick introduction to the Rule, and Complying with FTC’s Health Breach Notification Rule (“Compliance Guidance”), a more in-depth compliance guidance.  These resources follow the FTC’s September 2021 Policy Statement, which expanded the Rule’s application to the developers of health apps, connected devices, and similar products, and similarly emphasize the FTC’s continued scrutiny of health technology.
Continue Reading FTC Releases New Health Breach Notification Rule Guidance, Targets Health Apps and Connected Devices