Archives: HIPAA and Data Privacy

Subscribe to HIPAA and Data Privacy RSS Feed

ICO Rules UK Hospital-DeepMind Trial Failed to Comply with UK Data Protection Law

The UK Information Commissioner’s Office (“ICO”), which enforces data protection legislation in the UK, has ruled that the NHS Royal Free Foundation Trust (“Royal Free”), which manages a London hospital, failed to comply with the UK Data Protection Act 1998 in providing 1.6 million patient records to Google DeepMind (“DeepMind”), requiring the Royal Free to sign an … Continue Reading

European Cloud in Health Advisory Council Calls For Review of eHealth Rules and Ethics of Medical Data Re-Use

On May 11, 2017, the European Cloud in Health Advisory Council (ECHAC) – a group of healthcare organizations, technology companies and patient representatives  –  launched its second whitepaper focused on use of data to improve health outcomes and delivery of care. ECHAC launched the whitepaper at an eHealth Week 2017 session attended by ECHAC participants and … Continue Reading

Twenty-First Century Cures Act Includes HIPAA Provisions

On December 13, 2016, President Obama signed the 21st Century Cures Act (“Cures Act”), Pub. L. 114-255, which aims to expand medical research and expedite the approvals of drug therapies for patients.  The Cures Act also contains several provisions related to the HIPAA Privacy and Security Rules.  None of these provisions make substantive changes to … Continue Reading

HHS Issues Guidance on HIPAA and Cloud Providers

The Department of Health and Human Services (HHS) recently published guidance on HIPAA requirements governing the use of cloud computing entities, specifically cloud services providers (CSPs). In this guidance, HHS explains that CSPs that create, receive, maintain, or transmit protected health information (PHI) on behalf of a covered entity or business associate are considered business … Continue Reading

GAO Recommends that HHS Strengthen Privacy and Security Guidance and Oversight

Earlier this week the Government Accountability Office released a report critiquing the U.S. Department of Health and Humana Services’ (HHS) oversight of and guidance related to health information security and privacy. (The report is available here.) GAO cited the increasing incidence of hacking and other breaches, which affected over 113 million health records in 2015, … Continue Reading

UK Government Considering New Patient Data Security and Research Consent Standards, Sanctions

The UK Government has opened a consultation, running until September 7, 2016, regarding how UK National Health Service (NHS) patient data should be safeguarded, and how it could be used for purposes other than direct care (e.g. scientific research). The consultation comes after two parallel-track reviews of information governance and data security arrangements in the … Continue Reading

ONC Report to Congress Identifies Gaps in Oversight of Privacy and Security of mHealth Technologies and Health Social Media

Earlier this month the U.S. Department of Health and Human Services (HHS), Office of the National Coordinator for Health Information Technology (ONC), released a report to Congress highlighting “large gaps” in policies and oversight surrounding access to and security and privacy of health information held by certain “mHealth technologies” and “health social media.” mHealth technologies … Continue Reading

Significant HIPAA Fine Follows Business Associate’s Stolen iPhone

The Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) recently announced a significant settlement with Catholic Health Care Services of the Archdiocese of Philadelphia (CHCS), a business associate under HIPAA, arising from a breach of protected health information (PHI) after the theft of an employee’s iPhone.  The iPhone … Continue Reading

FTC Releases Online Tool to Help Health App Developers Identify Applicable Laws

On April 5, the Federal Trade Commission (FTC), in conjunction with the Food and Drug Administration (FDA) and the Department of Health and Human Services (HHS), released a new web-based interactive tool to assist mobile health app developers in navigating applicable federal laws and regulations in the areas of advertising and marketing, medical devices, and … Continue Reading

Senate HELP Committee Marks Up Precision Medicine, Other “Cures” Bills

Yesterday, the Senate Health, Education, Labor and Pensions (HELP) Committee held a final mark-up of legislation comprising the Committee’s counterpart to the House-passed 21st Century Cures Act.  The HELP Committee approved five bills including S. 2713 to advance the development of “precision medicine” through research and data sharing.  We have reported on the President’s precision medicine … Continue Reading

CMS Expands Scope of Enhanced Match for Promotion of Health IT

On February 29, 2016, the Centers for Medicare and Medicaid Services (CMS) issued a State Medicaid Directors Letter (SMDL) that expands the scope of expenditures eligible for the 90 percent federal match for activities to promote the use of a health information exchange (HIE) and the adoption of certified electronic health record (EHR) technology by … Continue Reading

Health Care Companies Agree to “Core Commitments” to Improve Access to EHR

Last month, the Department of Health and Human Services (HHS) announced that a number of large health care companies and providers had “agreed to implement three core commitments” to improve access to electronic health records (EHR).  HHS touted the commitments as a significant step toward increased EHR interoperability.… Continue Reading

After Two-Day Workshop, CDRH Releases Postmarket Cybersecurity Draft Guidance

Earlier today, on the InsideMedicalDevices blog, our colleague Christopher Hanson posted a summary of the FDA’s recent issuance of draft guidance on “Postmarket Management of Cybersecurity in Medical Devices.”  The release of the draft guidance coincided with the conclusion of a two-day public workshop hosted by the FDA entitled, “Moving Forward: Collaborative Approaches to Medical Device Cybersecurity.”  You … Continue Reading

Health Care Providers Continue to Lag Behind Patient Demand for Digital Communications

While Americans continue the trend towards replacing the traditional phone call with email and texts, health care providers have yet to catch on when interacting with their patients. A recent survey by Nielsen Strategic Health Perspectives found that less than a third of Americans have access to digital communications with their physicians: The survey found … Continue Reading

HHS Launches Portal Seeking Questions from Mobile Health Application Developers

A new post on Covington’s Inside Medical Devices blog discusses a new portal recently launched by HHS seeking questions from mobile health application developers.  The platform allows for individuals to both submit and review questions on the HIPAA implications of these mobile health applications.  To read the post, click here.… Continue Reading

Report Outlines Plan for Precision Medicine Database

In a 107-page report, released last week, the White House set forth its plan to create and manage a database containing 1 million or more Americans’ medical records in furtherance of the Precision Medicine Initiative. As announced by President Obama during his 2015 State of the Union Address, the Precision Medicine Initiative was launched “to … Continue Reading

UK Government Launches Cybersecurity Service for Healthcare Organizations

Earlier today, on the InsidePrivacy blog, our colleagues Mark Young and Phil Bradley-Schmieg posted a summary of the UK government’s announcement of a new national service providing expert cybersecurity advice to entities within the National Health Service (NHS) and the UK’s broader healthcare system.  The project, called CareCERT (Care Computing Emergency Response Team), is aiming for a … Continue Reading

Multistakeholder Group Seeks Comment on Draft Framework for IoT Device Manufactures

Last week, our colleague Libbie Cantor published a post on our InsidePrivacy blog regarding the Online Trust Alliance’s (OTA) release of a draft framework of best practices for Internet of Things device manufacturers and developers.  This draft framework applies to, among other things, eHealth technology, such as wearable fitness and health technologies.  The OTA is seeking comments on … Continue Reading

Hospital Fined for Using Unsecured File Sharing Application

A recent HIPAA enforcement action highlights the risk of health care providers using unsecured applications to store and share patient data. HHS reached a $218,499 settlement with St. Elizabeth’s Medical Center in Brighton, Massachusetts, a tertiary care hospital that offers both inpatient and outpatient services. The enforcement action followed allegations made to HHS in 2012 … Continue Reading

CMS Releases Additional Medicare Data; Expands Access to Data for “Commercial” Purposes

Last week, the Centers for Medicare & Medicaid Services (CMS) made additional Medicare data publicly available and expanded the permissible uses of other data. For the third consecutive year, CMS released hospital-specific data on inpatient and outpatient charges, Medicare payments, and utilization for common Medicare procedures.  CMS also released similar data on physicians and other … Continue Reading

May 2015 EU mHealth Round-Up

May 2015 saw a number of developments in the EU mHealth sector worthy of a brief mention.  The European Commission announced that it would work on new guidance for mHealth apps, despite the European Data Protection Supervisor and British Standards Institution publishing their own just weeks earlier.  In parallel, the French data protection authority announced … Continue Reading
LexBlog