Considering DPF Certification? It May be Worth Considering APEC Certifications, Too

It has become commonplace to talk about compliance becoming more and more of a challenge amidst the increasing complexities and fragmentation of regulations worldwide. Data protection compliance is no exception. As new requirements continue to mushroom across the globe with escalating frequency and accompanied by heightened repercussions for any failure to meet expected standards, global companies are now, more than ever, seeking ways to simplify their compliance strategy while demonstrating accountability to individuals, customers and regulators.

It is against this backdrop that healthcare organisations with multinational or even international operational footprints may want to consider certification to the Asia Pacific Economic Cooperation (APEC) Cross-Border Privacy Rules (CBPR). The APEC CBPR, and its forthcoming successor, the Global CBPR, have a wide geographical reach which can facilitate more multilateral transborder data flows. Additionally, certification can be used for comprehensive domestic privacy compliance and accountability programs.

Squire Patton Boggs attorneys Alan Friel, Charmian Aw, and Shea Leitch discuss the benefits of CBPR certification, and factors to consider when determining whether such certification is appropriate for your organization, on our Privacy World blog, available here.

Singapore Updates Data Privacy Rules for Healthcare Sector

Nine years after its initial inception, Singapore’s data protection authority (Commission) published in September 2023 an updated set of advisory guidelines for the healthcare sector (Revised Guidelines).

As with other advisory guidelines issued by the Commission, the Revised Guidelines are not intended to be legally binding, but will guide the interpretation and enforcement of Singapore’s comprehensive data protection law, the Personal Data Protection Act (PDPA) in the context of the nation’s booming healthcare sector.

Singapore as a medical tourism destination

Singapore boasts a strong healthcare sector that is supported by advanced IT and digital systems and infrastructure. It attracts more than 500,000 medical tourists annually, accounting for approximately US$ 1 billion in tourism spending. Major healthcare providers have established their regional headquarters in Singapore, and the country’s healthcare market is expected to grow to US$49.4 billion by 2029[1].

Data privacy regulation in Singapore

Whilst the PDPA was first introduced in Singapore in 2012, the law was significantly amended in 2020, with key changes made to implement:

  • Brand new legal bases for processing personal data, including for the legitimate interests or for a ‘business improvement’ purpose of the controller organisation. These would do away with the need for consent.
  • A right of data portability that can be exercised by individuals (with details on implementation expected to follow in due course).
  • Mandatory data breach reporting.
  • Higher financial penalties of up to 10% of an organisation’s annual (domestic) turnover.

Continue Reading

FDA Delays Enforcement of MOCRA Deadlines for Facility Registration and Product Listing to July 1, 2024


President Biden signed into law the “Consolidated Appropriations Act, 2023” on December 29, 2022. The Act includes the Modernization of Cosmetics Regulation Act of 2022 (“MOCRA”), which increased the authority of the United States Food and Drug Administration (FDA) to regulate cosmetics products and provide enhanced cosmetics protections for consumers. For insight, please see our prior blog post, Revamping of Cosmetics Regulation and Safety (January 23, 2023).

In August 2023, the FDA released draft guidance, entitled Registration and Listing of Cosmetic Product Facilities and Products: Guidance for Industry, on upcoming regulatory changes pursuant to MOCRA, including guidance on cosmetic product facility registrations and product listings. For more information on this draft guidance, please see our previous blog post, Revamping Cosmetics Safety and Regulation: Updates from FDA on Regulatory Changes under MOCRA (October 17, 2023).


On November 9, 2023, the FDA published notice of final guidance entitled Compliance Policy for Cosmetic Product Facility Registration and Cosmetic Product Listing. This guidance delays FDA’s enforcement of some facilities’ registration and product listing compliance requirements under MOCRA to July 1, 2024. This enforcement delay applies to facilities that “engaged in manufacturing or processing of a cosmetic product” or products as of MOCRA’s enactment date (December 29, 2022). Originally, MOCRA imposed a registration and listing deadline for these facilities was December 29, 2023. The FDA explains that the six-month enforcement delay is necessary to give industry more time to gather information, “including obtaining facility registration numbers to associate with cosmetic product listings, obtaining access to the electronic submissions database, and verifying accurate registration and listing information for submission.”

Continue Reading

California Takes Steps Towards a Unified Health Care Financing System

On October 7, 2023, California’s Governor approved Senate Bill (“SB”) 770, which directs the Secretary of the California Health and Human Services Agency (“Secretary”) to take steps towards designing a health care delivery system that provides benefits through a unified health care financing system, such as a single-payer health care system. Prior law established the Healthy California for All Commission to develop a plan to achieve a health care delivery system in California that provides coverage and access through a unified health care financing system. SB 770 is the next phase of the plan.

SB770 envisions a healthcare delivery system with specific attributes. To that end, the Secretary will research, develop and pursue a waiver framework in consultation with the federal government to create this new system. These attributes include:

  • A comprehensive set of medical, behavioral health, pharmaceutical, dental and vision benefits, including primary, preventative and wellness care services;
  • Long-term care supports and services;
  • Services that do not vary with age, employment status, disability status, income, immigration status, or other characteristics;
  • The identification and elimination of disparities among Medicare, Medi-Cal, employer-sponsored insurance, and individual market coverage;
  • The elimination of adverse impacts within the health care system of attempts to avoid covering the sick or providing the benefits patients need;
  • The absence of cost sharing for essential services and treatments covered under the program;
  • The establishment of sufficient reserves to guarantee solvency during public health emergencies and times of economic disruption;
  • A program to implement a just transition for members of the health industry workforce whose jobs may be disrupted;
  • Health care system financing costs limited to a specified percentage of individual income on a progressive sliding scale;
  • Cost-effective systemwide pooled purchasing to negotiate rates with providers;
  • Freedom of choice for patients to choose providers and for primary care providers to choose practice models;
  • Greater investments in public health, primary care, and health equity;
  • Improvements in cost, quality, and health care system oversight and integration;
  • A rate setting process using Medicare rates as the starting point for the development of final rates that avoid disruptions in the health care system and expand the availability of high quality vital services by sustaining a stable, experienced, and equitably compensated workforce;
  • Prohibitions on risk-bearing contractual arrangements that tend to incentivize providers to withhold needed care, while allowing for payment models that guarantee access, promote quality, ensure equity and enable multidisciplinary teams; and
  • Methods of payment, delivery and oversight implemented under the unified health care financing system that will continue to allow California the ability to receive the full benefit of federal expenditures and tax credits that currently underwrite the full scope of health services.

Next, SB 770 requires the Secretary to engage specified stakeholders to provide input on topics related to discussions with the federal government and key design issues. These stakeholders will include representatives of consumers, patients, community based health care service providers, community organizations, health care professionals, labor unions, employers, health policy experts, government agencies, and philanthropic organizations focused on health care. SB770 designates a number of key design issues for further analysis, such as health care delivery, consumer protections under the new system, health care quality and equity, and reducing costs.

Continue Reading

Revamping Cosmetics Safety and Regulation: Updates from FDA on Regulatory Changes under MOCRA.

On December 29, 2022, President Biden signed into law the “Consolidated Appropriations Act, 2023.” The Act includes the Modernization of Cosmetics Regulation Act of 2022 (“MOCRA”), which increased the authority of the United States Food and Drug Administration (FDA) to regulate cosmetics products and provide enhanced cosmetics protections for consumers. For insight, please see our prior blog post, Revamping of Cosmetics Regulation and Safety (January 23, 2023).

FDA previously announced that it will no longer accept facility registration and product listing submissions to the Voluntary Cosmetic Registration Program (VCRP) beginning March 27, 2023. Formerly, cosmetic companies had the option of participating in the Voluntary Cosmetic Registration Program (“VCRP”) for products sold in domestic commerce. The purpose of VCRP was to help FDA gather information on cosmetics, including ingredients, frequency of use, etc.

Most recently, in August 2023, the FDA released draft guidance, entitled Registration and Listing of Cosmetic Product Facilities and Products: Guidance for Industry, on upcoming regulatory changes pursuant to MOCRA, including guidance on cosmetic product facility registrations and product listings. Importantly, because MOCRA imposes requirements that are different from those required under the VCRP, the FDA emphasizes in this guidance that it will not consider previous submissions to the VCRP as satisfying the facility reporting and product listing requirements under MOCRA. Comments on the draft guidance were due by September 7, 2023 and can be viewed on Docket No. FDA-2023-D-1716-002.

Several commenters, including multiple industry associations, requested that the FDA keep cosmetic facility registration and product listing information protected from public disclosure under the Freedom of Information Act (FOIA) and refrain from publicizing FDA’s database of facility registrations and product listings. For example, industry groups requested that FDA (1) define the information within public facility registrations and product listings that would be considered “relevant information” under FOIA and therefore disclosable, and (2) provide clear confirmation that the identity of responsible parties remain confidential.

Some groups requested FDA to continue to use the same product listing categories that were used under the VCRP until the initial registration and listing period ends. This would allow industries to have more time to update their internal categorization systems to match with FDA’s final guidance. Other groups have requested FDA go back to using the VCRP’s categories permanently, explaining that the new list of categories could place several products in more than one category.

Additionally, a few foreign-based cosmetics companies provided comments seeking FDA clarification on whether a “Responsible Person” under MoCRA may be a foreign entity.

Continue Reading

HHS OIG Introduces Managed Care Strategic Plan

In August, the Office of Inspector General (“OIG”) of the U.S. Department of Health and Human Services (“HHS”) introduced a new “Strategic Plan for Oversight of Managed Care for Medicare and Medicaid” (the “Strategic Plan”).  The introduction of the Strategic Plan is in response to the continued growth of managed care in government sponsored health plans over the last several years.  Medicare Advantage hit a milestone in the last year, with now a majority of Medicare beneficiaries being enrolled in a Medicare Advantage Plan.[1]  That growth is expected to continue; the Congressional Budget Office predicts that the share of beneficiaries enrolled in Medicare Advantage Plans will increase to 60% in ten years.[2]  For Medicaid, almost seventy-five percent (75%) of beneficiaries are now enrolled with comprehensive Managed Care Organizations.[3] 

Traditionally, the perception of regulators and industry members was that managed care was less susceptible to fraud, waste, and abuse than traditional fee for service payment models. However, with the increased share of government dollars being spent on managed care, the fraud, in the OIG’s view, has followed.[4]  In response the OIG has increased its review of managed care over the last few years and this year officially announced it as a priority area along with the publication of the Strategic Plan.  The Strategic Plan, meant to align the OIG’s activities regarding its oversight of managed care, identifies three areas of focus for OIG: (1) promoting access to care for enrollees, (2) providing comprehensive financial oversight, and (3) promoting data accuracy. 

Continue Reading

U.S. Federal Trade Commission Challenges Private Equity Firm’s Acquisition Spree in Texas 

On September 21, 2023, the Federal Trade Commission (FTC) filed a lawsuit against U.S. Anesthesia Partners, Inc. (USAP) and private equity firm Welsh, Carson, Anderson & Stowe, alleging that they engaged in anticompetitive practices in the anesthesia services market in Texas. According to the FTC’s complaint, USAP and Welsh Carson executed a multi-year strategy to consolidate anesthesiology practices in Texas, raise the prices of anesthesia services, and increase their own profits.

The key allegations and points from the lawsuit include:

  1. Roll-up Scheme: According to the complaint, USAP and Welsh Carson systematically acquired numerous large anesthesia practices in Texas, effectively consolidating them into a single dominant provider. This consolidation allowed them to gain significant market power and the ability to demand higher prices for anesthesia services.
  2. Price-Setting Agreements: USAP and Welsh Carson allegedly entered into price-setting agreements with remaining independent anesthesia practices, further driving up the prices of anesthesia services in Texas. The FTC alleges these agreements would have contributed to higher costs for patients and healthcare providers.
  3. Exclusion of Competitor: USAP is accused of striking a deal to prevent a significant competitor from entering its territory, eliminating competition and allowing USAP to maintain its dominance in the market.
  4. Increased Costs to Texans: The FTC claims that USAP’s anticompetitive practices resulted in Texans paying tens of millions of dollars more each year for anesthesia services than they did before USAP’s creation.
  5. Motivation for Consolidation: Welsh Carson allegedly created USAP in 2012 because it saw an opportunity to profit by eliminating competition among small anesthesiology practices in Texas. The competition among these smaller practices allowed insurers to negotiate lower prices for their clients and patients.
  6. Violation of Antitrust Laws: The FTC alleges that USAP and Welsh Carson’s conduct violates various antitrust laws, including unlawful monopolization, unlawful acquisitions, conspiracy to monopolize, unfair competition, and unlawful restraints of trade. These actions are said to contravene the FTC Act and the Clayton Act.
  7. FTC’s Response: The FTC is seeking equitable relief to address the impact of USAP and Welsh Carson’s anticompetitive practices and to prevent such practices from happening again in the future.

The FTC’s lawsuit underscores the agency’s commitment to ensuring fair competition in healthcare markets and preventing anticompetitive behavior that can lead to higher costs for consumers. It also illustrates the agency’s continuing concerns with serial acquisitions, roll-ups, and other “stealth consolidation” strategies, particularly those involving private equity. These concerns were recently emphasized in the agency’s draft merger guidelines which state, in part, that the mere existence of serial acquisitions by a transacting party, or others in the industry, could invite additional scrutiny of a particular transaction, as well as a party’s prior transactions.

Use of Artificial Intelligence in Healthcare Industry in Mainland China

With breakthroughs in artificial intelligence (“AI”), the healthcare industry has experienced rapid development. Since 2016, China has issued a series of relevant policies, including the “Internet+” Artificial Intelligence Three-Year Action and Implementation Plan, Guiding Opinions on Promoting and Regulating the Application and Development of Big Data in Health and Medical Care and the “Healthy China 2030” Blueprint. These policies encourage and guide the integration of AI, such as natural language processing and machine learning, with various aspects of the medical and healthcare industry.

As medical AI applications continue to be commercialized, leading to significant cost reductions and enhanced efficiency, corresponding practical regulations have been gradually established.

Continue Reading

Join us on September 28 for a Webinar on Washington’s My Health My Data Act and other Consumer Health Data Regulation

With its private right of action and expansive scope – extending far beyond Washington state’s borders and applying to a wide swath of health- and non-health-oriented companies alike – Washington’s My Health My Data Act is poised to be more ground-shifting than any other consumer privacy law that came before it. Join Kyle Fath, Bola Shonowo and Gicel Tomimbang for a discussion of:

  • What is “consumer health data” and who is a “consumer” under the law?
  • Key obligations, including privacy policy requirements, consumer rights, and required consents and authorizations for collection, “sharing” and “selling”
  • Jurisdictional scope, litigation and enforcement details
  • Other legislative and regulatory schemes that are filling the gap left by HIPAA, including health data-specific state privacy laws in Connecticut and Nevada, general state consumer privacy laws, such as the California Consumer Privacy Act (CCPA) and the Colorado Privacy Act (CPA), and the FTC’s Health Breach Notification Rule

Date: Thursday, September 28 at 12 ET

Register for free here.

Congressional Republicans Solicit Comments from Health Stakeholders

Over the past several weeks, Congressional Republicans have indicated they are gearing up to tackle various health policy issues – and have offered health stakeholders the opportunity to provide feedback and their expertise in policy development.

On August 25, Republicans on the House of Representatives’ Committee on the Budget established a “Health Care Task Force.” Chaired by Rep. Michael Burgess, MD (R-TX), the Task Force is charged with “find[ing] solutions to reduce health care spending, examin[ing] opportunities to modernize and personalize the health care system, and support[ing] policies to fuel innovation and increase patient access to quality and affordable care.” The Task Force released an open letter, requesting: (1) feedback on regulatory, statutory, or implementation barriers that could be addressed to reduce health care spending; (2) information on efforts to promote and incorporate innovation into programs like Medicare to reduce health care spending and improve patient outcomes; (3) comments on the Congressional Budget Office’s modeling capabilities on health care policies, including limitations or improvements to such analyses and processes; (4) examples of evidence-based, cost-effective preventive health measures or interventions that can reduce long term health costs; and (5) recommendations to reduce improper payments in federal health care programs. Responses are due October 15, 2023.

On the other side of the Capitol, on September 6, Senate Committee on Health, Education, Labor, and Pensions (HELP) Ranking Member Bill Cassidy, MD (R-LA) released a white paper titled “Exploring Congress’ Framework for the Future of AI: The Oversight and Legislative Role of Congress Over the Integration of Artificial Intelligence in Health, Education, and Labor.” While Senate Majority Leader Chuck Schumer (D-NY) is scheduling artificial intelligence (AI) briefings for senators – with the intention of educating lawmakers and moving legislation later this year – Sen. Cassidy puts forth specific questions for health stakeholders on supporting medical innovation, as well as medical ethics and protecting patients. Feedback on the white paper is due September 22, 2023.

Continue Reading