Archives: Data Privacy


What You Need to Know about Changes to the Common Rule

The Final Rule published by the US Department of Health and Human Services on January 18, 2017, largely avoids major modifications to the Common Rule. However, it specifically addresses creation of biospecimen and data repositories and use of those repositories for secondary research. All stakeholders involved in federally funded research should be aware of the … Continue Reading

HHS Finalizes Overhaul of Federal Human Subjects Research Protections

On January 18, 2017, the Department of Health and Human Services (HHS) and 15 other federal agencies issued a final rule overhauling the federal human subjects research regulations known as the “Common Rule.” These are the first revisions to the Common Rule since its original enactment in 1991, and have been in progress since HHS … Continue Reading

OMB Reviewing Common Rule Overhaul

On January 4, 2017, the Department of Health and Human Services (HHS) submitted a draft final rule to amend the federal human research regulations to the Office of Management and Budget (OMB). These regulations, often referred to as the Common Rule, were originally developed in 1991 and have been adopted by multiple federal departments and … Continue Reading

The Joint Commission Puts the Brakes on Text Messaging Patient Orders

The Joint Commission (TJC) recently clarified that licensed independent providers (LIPs) or other practitioners may not utilize secure text messaging platforms to transmit patient care orders. TJC’s earlier position provided that use of secure text messaging platforms was an acceptable method to transmit such orders, provided that the use was in accordance with professional standards … Continue Reading

End of Year Attention to Health IT and Digital Health Tools in 21st Century Cures

On December 7, 2016, the US Congress approved the 21st Century Cures Act (Cures legislation), which is intended to accelerate the “discovery, development and delivery” of medical therapies by encouraging public and private biomedical research investment, facilitating innovation review and approval processes, and continuing to invest and modernize the delivery of health care. The massive … Continue Reading

ECJ Confirms Dynamic IP Address May Constitute Personal Data But Can Be Logged to Combat Cyberattacks

On 19 October 2016, the European Court of Justice (ECJ) held (Case C-582/14 – Breyer v Federal Republic of Germany) that dynamic IP addresses may constitute personal data. The ECJ also held that a website operator may collect and process IP addresses for the purpose of protecting itself against cyberattacks, because in the view of … Continue Reading

OCR Explains How Information Blocking Violates HIPAA

The US Department of Health and Human Services (HHS) Office for Civil Rights (OCR) recently posted guidance (OCR guidance) clarifying that a business associate such as an information technology vendor generally may not block or terminate access by a covered entity customer to protected health information (PHI) maintained by the vendor on behalf of the … Continue Reading

The Privacy Shield: September 30, 2016, Deadline for Early Self-Certification Offers Compliance Opportunity and Risk

The European Commission recently determined that the Privacy Shield Framework is adequate to legitimize data transfers under EU law, providing a replacement for the Safe Harbor program. The Privacy Shield is designed to provide organizations on both sides of the Atlantic with a mechanism to comply with EU data protection requirements when transferring personal data … Continue Reading

Augmented Reality

If you haven’t heard about the newest gaming craze yet, it’s based on what is called “augmented reality” (AR) and it could potentially impinge on your home life and workplace as such games allow users to “photograph” imaginary items overlaid with objects existing in the real world. An augmented reality game differs from “virtual reality” in … Continue Reading

Guidance on Ransomware Attacks under HIPAA and State Data Breach Notification Laws

On July 28, 2016, the US Department of Health and Human Services (HHS) issued guidance (guidance) under the Health Insurance Portability and Accountability Act (HIPAA) on what covered entities and business associates can do to prevent and recover from ransomware attacks. Ransomware attacks can also trigger concerns under state data breach notification laws. The HIPAA Security … Continue Reading

Brexit Update: The Effect of Brexit on Data Transfers between the United Kingdom and the European Union

With the United Kingdom having voted to leave the European Union (Brexit) on 23 June 2016, the free flow of personal data between the United Kingdom and EU and European Economic Area (EEA) countries is at risk. Even though Brexit will likely have the biggest impact on the financial sector, businesses in the United Kingdom … Continue Reading

AMA Approves New Ethical Guidance Policy and Encourages Telemedicine Training for Students and Residents

New Ethical Guidelines: On June 13, the American Medical Association (AMA) adopted a new ethical guidance policy governing the practice of telemedicine that will be published in the coming months. The policy is based on a report from the AMA Council on Ethical and Judicial Affairs and builds upon the AMA’s 2014 telemedicine guidance. Consistent … Continue Reading

Louisiana Joins its Peers in Removing In-State Barriers to Telemedicine

Last week, Louisiana legislators approved the removal of certain restrictions on the delivery of telemedicine services to residents of Louisiana to encourage the provision of telemedicine services in the state. H.B. No. 570 was signed by the President of the Senate on June 5, 2016 and sent to Governor John Bel Edwards on June 6, … Continue Reading

Mobile Health Tools, Developers Need Better Data Protection Guidance, Attorney Jennifer Geetter Says

After three government agencies collectively created an online tool to help developers navigate federal regulations impacting mobile health apps, McDermott partner Jennifer Geetter was interviewed by FierceMobileHealthcare on the need for mobile health development tools. Read the full article from FierceMobileHealthcare.… Continue Reading

FTC Weighs-in on Telehealth: Providing Comments Regarding Alaska’s Proposed Licensure and Standard of Care Requirements

In March 2016, the US Federal Trade Commission (“FTC”) staff submitted public comments regarding the telehealth provisions of a proposed state bill in Alaska, demonstrating the FTC’s continued focus on health care competition and general discouragement of anticompetitive conduct in health care markets, with a renewed interest and focus on telehealth.… Continue Reading

Developing and Implementing an Effective Telemedicine Informed Consent Form

The search by consumers, payers and providers for more efficient, effective and convenient care delivery models has led to an explosion of technological innovation in the health care sector. This explosion has supported the increased use of telemedicine by providers to reach patients who were previously out of reach, and to provide more timely and cost-effective … Continue Reading

Government Issues New Tool to Help Mobile App Developers Identify Applicable Federal Laws

This week, the Federal Trade Commission (FTC or Commission) released an interactive tool (entitled the “Mobile Health Apps Interactive Tool”) that is intended to help developers identify the federal law(s) that apply to apps that collect, create and share consumer information, including health information. The interactive series of questions and answers augments and cross-references existing … Continue Reading

Farewell ‘Safe Harbor,’ Hello ‘Privacy Shield’: Europe and U.S. Agree on New Rules for Transatlantic Data Transfer

After intense negotiations, and after the official deadline had passed on Sunday, 31 January 2016, the United States and the European Union have finally agreed on a new set of rules—the “EU-U.S. Privacy Shield”—for data transfers across the Atlantic. The Privacy Shield replaces the old Safe Harbor agreement, which was struck down by the European Court … Continue Reading

FDA Releases Draft Guidance on Postmarket Management of Cybersecurity in Medical Devices

On January 15, 2016, the U.S. Food and Drug Administration (FDA) published a draft guidance entitled Postmarket Management of Cybersecurity in Medical Devices (Draft Guidance), which outlines FDA’s recommendations for managing postmarket cybersecurity vulnerabilities in medical devices that contain software or programmable logic and software that is a medical device, including networked medical devices. The … Continue Reading

FTC Report Alerts Organizations about the Risks and Rewards of Big Data Analytics

On January 6, the Federal Trade Commission (FTC) released a report that it hopes will educate organizations on the important laws and research that are relevant to big data analytics. The report, Big Data: A Tool for Inclusion or Exclusion? Understanding the Issues, looks specifically at how big data is used after it is collected … Continue Reading

China Released the Latest Classification Catalogue of Telecommunications Services (2015 Revision)

On December 28, 2015, the Ministry of Industry and Information Technology of China released the newly revised Classification Catalogue of Telecommunications Services, which is due to take effect as of March 1st, 2016. This round of revision has long been awaited since its last amendment in 2003, and is expected to reflect the advancement and … Continue Reading

States Begin 2016 with the Expansion of Telehealth Services

As we enter into the new year, the health industry continues to see expanded access to telehealth services. After a whirlwind 2015 in which we saw over 200 telehealth-related bills introduced in 42 states, New York and Connecticut emerge as the first states in 2016 to implement laws that expand patients’ access to telehealth services. … Continue Reading

Safe Harbor Update: European Commission Reaffirms Commitment to a Safe Harbor Sequel

As we reported on October 19th, the Article 29 Working Party on the Protection of Individuals with Regard to the Processing of Personal Data challenged the EU member states to “open discussions with the US” to find a viable alternative to the Safe Harbor program. Today, the European Commission (EC) issued a public statement confirming its commitment to … Continue Reading