The Ropes & Gray Decoding Digital Health podcast series discusses the digital health industry and related legal, business and regulatory issues. In this episode, Digital Health Initiative co-lead and health care partner, Christine Moundas, interviews health care partner and member of the digital health group, David Peloquin. They discuss the legal challenges and potential solutions
Four Months after Dobbs, Privacy Concerns Remain in the Spotlight
On June 24, 2022, the U.S. Supreme Court issued its ruling in Dobbs v. Jackson Women’s Health Organization, overturning Roe v. Wade and holding that there is no constitutionally protected right to abortion. The significance of the decision cannot be overstated. Dobbs not only rolled back the Court’s prior protection of reproductive rights, it also raised still-unanswered questions about the privacy of digital data and could lead to the overturning of other previous Court opinions that are similarly grounded in privacy interests. In sparking such questions, Dobbs appears to have reinvigorated a national conversation regarding the protection of personal information and, more generally, the need for stronger data privacy safeguards in the United States.…
Privacy of Health Information Post-Dobbs and OCR Guidance on the Protections Afforded under HIPAA
On June 24, 2022, the Supreme Court issued its opinion in Dobbs v. Jackson Women’s Health Organization, overturning precedent that protected access to abortion services before the point of fetal viability. Instead, the Supreme Court stated that state legislatures have the authority to regulate abortion, leading several states to enact laws banning the procedure…
FDA Updates Guidance on Cybersecurity Responsibilities for Medical Device Manufacturers
On April 8, 2022, the U.S. Food and Drug Administration (“FDA”) released a draft guidance document titled “Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submissions.” The draft guidance, if finalized, would replace FDA’s 2014 final guidance document titled, “Content of Premarket Submissions for Management of Cybersecurity in Medical Devices,” adding significant…
FTC Warns Health Apps and Connected Device Companies to Comply With Health Breach Notification Rule
Modern smartphones, wearables and internet-enabled devices are capable of monitoring heart rate, blood oxygen levels, steps taken, prescription adherence, and other vital health-related activities. Contrary to popular belief, HIPAA does not cover many of these applications and devices. On September 15, 2021, the Federal Trade Commission issued a Policy Statement attempting to assert authority to police that gap. The Policy Statement explains the FTC’s view that the Health Breach Notification Rule applies to mobile health applications. This Policy Statement signals increasing FTC scrutiny designed to safeguard sensitive health data on a variety of modern technologies that consumers use to monitor and improve their health.
Possible Use of COVID Vaccine Passports Raises Data Protection Concerns
The debate surrounding vaccine passports to assist with the easing of lockdown restrictions and controlling the spread of COVID-19 continues to raise a number of concerns in the UK.
Although the use of such passports is apparently under consideration, such proposals raise a number of different ethical, scientific and legal issues. A recent Royal Society report sounded a note of caution, suggesting that 12 tests should be met by any such proposal. Among other things, vaccine passports would need to meet various ethical and legal standards, including in respect of data protection.
Universities and Hospitals Facing Increased Cyber Attacks
UPDATE July 17, 2020: Representatives of the U.S., British and Canadian governments reported yesterday that Russian hackers affiliated with known hacking group APT29 (or “Cozy Bear”) are targeting attacks on health care organizations researching COVID-19 vaccines. Cozy Bear, previously involved in the 2016 hacking of the Democratic National Committee, has reportedly been using spear-phishing and malware in an effort to steal the research. This announcement comes on the heels of a spate of attacks against research universities and health care organizations in recent months, described below.
While the pandemic has brought economic downturn to many industries, a recent uptick in data security breaches suggests business is booming for cybercriminals. Universities and health care institutions dealing with the coronavirus have been particularly targeted by hackers attempting to exploit the current climate of confusion, urgency, and stress. In this post, we discuss the attacks and provide steps organizations can take to prevent and respond to breaches. …
European Guidelines Adopted on Health Data Processed in the Context of the Covid-19 Outbreak
On April 21, the European Data Protection Board (“EDPB”) released guidelines on the processing of data concerning health for the purpose of scientific research in the context of the COVID-19 outbreak (“Guidelines”).
The Guidelines note that the GDPR includes various provisions which permit health data to be collected and processed for scientific research purposes connected with COVID-19 and also envisages specific derogations to the prohibition on processing certain special categories of personal data, such as health data, where necessary for scientific research purposes.
Illinois’s Expansion of Access to Health Care via Telehealth Executive Order 2020-09 & Medicaid Emergency Rulemaking
On March 19, 2020, Governor Pritzker issued Executive Order 2020-09 (the “Executive Order”), expanding access to health care services for all Illinois residents provided through remote means during the term of the COVID-19 Gubernatorial Disaster Proclamation, which declares a state of disaster in Illinois. The Executive Order expands the technologies that may be used to deliver telehealth services and creates a coverage requirement for all medically necessary services delivered through telehealth. The Executive Order is followed by the recent CARES Act, which expands access to telehealth for Medicare beneficiaries, and the filing of an 1135 Waiver under the Social Security Act by the Illinois Department of Health and Family Services (“IDHS”) to expand its already broad Medicaid coverage of telehealth services.
The recent novel coronavirus (COVID-19) outbreak has caused significant disruption to the global economy, and it has the potential to create a lasting impact on the business operations of companies worldwide. We are advising our clients on several legal issues related to the situation, including workplace safety, data protection and business continuity, supply-chain disruption and more, as well as offering counsel in connection to specific challenges faced in various industries.
This list of frequently asked questions and answers provides some initial guidance on how to navigate and mitigate the challenges posed by events related to the coronavirus.…