Data Protection

Australian Privacy Regulator Commences Penalty Proceedings Against Medibank

On 5 June 2024, the Australian Information Commissioner commenced civil penalty proceedings in the Australian Federal Court against Medibank Private Limited (an Australian health insurance provider) in relation to an October 2022 data breach. On 25 October 2022, Medibank notified the Office of the Australian Information Commissioner (OAIC) of a data breach concerning sensitive personal … Continue Reading

Are you Ready for Washington and Nevada’s Consumer Health Data Laws?

Washington’s My Health My Data Act (“MHMDA”) and Nevada’s SB 370 (“NV CHD Law”) (collectively, “CHD Laws”) went into effect at the end of last month, on March 31, 2024 (as many know, MHMDA’s geofencing prohibition went into effect last summer). Unlike the Health Insurance Portability and Accountability Act (“HIPAA”), a federal law which governs privacy and security … Continue Reading

President Biden Announces Groundbreaking Restrictions on Access to Americans’ Sensitive Personal Data by Countries of Concern

On February 28, 2024, President Biden issued a groundbreaking executive order (EO) establishing the framework for new restrictions on transactions involving US persons’ sensitive personal data and “countries of concern,” including China, or related parties.… Continue Reading

Singapore Consults on Groundbreaking Health Information Bill

On December 11, 2023, Singapore’s Ministry of Health launched a public consultation exercise on a proposed Health Information Bill (Bill), with a draft expected to be tabled in Parliament in the first half of 2024. Whilst extensive industry consultations have been conducted on the proposed provisions of the Bill involving 39 focus groups and over … Continue Reading

Singapore to Pass Comprehensive Health Data Law

On December 4, 2023, Singapore’s Ministry of Health (Ministry) announced that the nation’s first ever comprehensive health data law, the Health Information Bill (Bill), will be introduced in mid-2024. A set of Cyber & Data Security Guidelines for Healthcare Providers (Guidelines) was also published. Of particular importance is that these Guidelines will frame and eventually … Continue Reading

Considering DPF Certification? It May be Worth Considering APEC Certifications, Too

It has become commonplace to talk about compliance becoming more and more of a challenge amidst the increasing complexities and fragmentation of regulations worldwide. Data protection compliance is no exception. As new requirements continue to mushroom across the globe with escalating frequency and accompanied by heightened repercussions for any failure to meet expected standards, global … Continue Reading

Singapore Updates Data Privacy Rules for Healthcare Sector

Nine years after its initial inception, Singapore’s data protection authority (Commission) published in September 2023 an updated set of advisory guidelines for the healthcare sector (Revised Guidelines). As with other advisory guidelines issued by the Commission, the Revised Guidelines are not intended to be legally binding, but will guide the interpretation and enforcement of Singapore’s … Continue Reading

Join us on September 28 for a Webinar on Washington’s My Health My Data Act and other Consumer Health Data Regulation

With its private right of action and expansive scope – extending far beyond Washington state’s borders and applying to a wide swath of health- and non-health-oriented companies alike – Washington’s My Health My Data Act is poised to be more ground-shifting than any other consumer privacy law that came before it. Join Kyle Fath, Bola … Continue Reading

The Impact of India’s New Privacy Law on Healthcare

In August 2023, India’s Digital Personal Data Protection Act (Act) received presidential assent, formalizing its first ever comprehensive and union-wide data protection law. The Act differs in many respects from a preceding version that was withdrawn in 2022, and reflects intensive discussion and revisions since then. In its final form, the Act reflects the central … Continue Reading

Florida Electronic Health Records Exchange Act Amended – Health Records Maintained by Qualifying Health Care Providers Must Be Stored in the U.S., U.S. Territories, and Canada Only

On May 8, 2023, Governor Ron DeSantis of Florida signed CS/CS/SB 264, amending a suite of Florida statutes to impose heightened requirements on business activities involving foreign interests.  As related to the health care industry, CS/CS/SB 264 amended the Florida Electronic Health Records Exchange Act (“Act”) to, among other things, require “health care providers” that … Continue Reading

OCR Joins Chorus of Regulators Warning About Health Data Tracking Technology

Key Takeaway: Organizations must conduct a fact-based analysis to determine whether health data collection and tracking technology deployed on their websites and mobile apps complies with the federal Health Insurance Portability and Accountability Act (“HIPAA”) and other applicable laws and guidance. Cookies, web beacons, and similar technology are used to collect and analyze data about … Continue Reading

Healthcare Research: A Transatlantic and Trans-European Dialogue Seminar

On November 23rd, a Squire Patton Boggs partner will lead a panel of industry thought leaders in a discussion of transcontinental health research and data issues.  Topics to be explored include: What are the challenges that companies need to face in order to promote research with health data? What should evolve in the legal framework … Continue Reading

Webinar: Got Data?: How the Health Data Rules are Changing

On June 1, an SPB Partner and other industry experts will co-present on the ABA Webinar: Got Data?: How the Health Data Rules are Changing. The program, organized by the American Bar Association (ABA), will address recent and upcoming developments impacting health data, including CMS and ONC final rules on information blocking and interoperability, HIPAA and guidance … Continue Reading

The Illinois Biometric Information Privacy Act (“BIPA”): When Will Companies Heed the Warning Signs?

The Illinois Biometric Information Privacy Act (“BIPA”) went into effect in 2008 and has been a steady source of litigation ever since.  BIPA regulates how “private entities” collect, use and share biometric data and imposes certain security requirements.  The stated intent of BIPA was to address the heightened risk of identity theft associated with the processing … Continue Reading

Medical Imaging Company Pays $3 Million Data Security Fine

A medical imaging company is paying for its flawed data security system. In addition to its system failures, the company failed to investigate and respond properly when alerted to problems by the FBI. As a result, the Office of Civil Rights imposed a $3 million penalty and required a corrective action plan. This is yet another … Continue Reading

Digital Health Update: Recent FDA Cyber Initiatives

The Food and Drug Administration (“FDA”) has greatly increased its activity around cybersecurity initiatives and medical devices. As we approach the end of the year, this is a great opportunity to review recent developments. FDA Medical Device Cybersecurity Guidance On October 18, 2018, the FDA published draft guidance, “Content of Premarket Submissions for Management of … Continue Reading

How To Avoid Paying $2,000 A Day To Encrypt ePHI

Let’s hope you don’t pay that much to encrypt electronic Protected Health Information (ePHI). How about a total of $4.3 million over two years? Well, that’s the total penalty for encryption violations assessed by Health and Human Services (HHS). An Administrative Law Judge found the penalty could have been much worse. The facts are sobering. … Continue Reading

Law360 Expert Analysis: Health Tech Is The New Focus For Cybersecurity Policy

In a May 22, 2018 Law360 Expert Analysis piece, Squire Patton Boggs partner Elliot Golding writes, “There is no shortage of attention on health care data privacy and cybersecurity, with an avalanche of new and proposed government and regulatory initiatives underway. Although health care has long been a key target for … Continue Reading

New EU Strategy on Artificial Intelligence

On Wednesday 25 April, the EU Commission unveiled a new strategy to boost Europe’s capabilities and related industries around artificial intelligence. As you know, this is a “hot topic” that has the potential to affect many businesses and sectors across Europe and beyond. Many of our clients are very interested in this technology development (and … Continue Reading

Key Health Care Technology Privacy and Cybersecurity Considerations

In a podcast interview with Healthcare InfoSecurity, Squire Patton Boggs Partner Elliot Golding addresses evolving healthcare privacy and security issues, particularly complex issues involving Internet of Things (IoT) devices.  This includes addressing new risks when connected devices link to legacy systems, the applicable regulatory environment, and other key issues companies operating in the health care … Continue Reading

EU’s proposed eHealth measures focusing on broadening the availability and sharing of health data

On 25 April 2018, the European Commission (EC) issued a Communication on enabling the digital transformation of healthcare, outlining the European Union’s (EU) priorities and actions towards digital health. The EU’s plan focuses on the following core priorities: Ensuring citizens’ access to their health data and introducing the possibility to share their data across borders; … Continue Reading

HHS OCR Issues New Research Guidance

As part of its ongoing implementation of the 21st Century Cures Act (Public Law 114-255), the Department of Health and Human Services last month released a number of new HIPAA guidance tools, including additional information about research uses and disclosures.  The research guidance contains helpful tips for covered entities regarding authorizations, revocations, and “reviews preparatory … Continue Reading

HHS Task Force Identifies Critical Cybersecurity Recommendations

The recent WannaCry ransomware attack and the bevy of breaches over the past few years demonstrate that cyber risks in the healthcare arena are substantial and widespread. The Department of Health and Human Services (HHS) Health Care Industry Cybersecurity (HCIC) Task Force Report (HCIC Report), required under the federal Cybersecurity Information Sharing Act of 2015, … Continue Reading