The Health Insurance Portability and Accountability Act (HIPAA) and the Patient Protection and Affordable Care Act (ACA) jointly create national standards for electronic transactions, code sets, and unique identifiers. The ACA introduced Administrative Simplification provisions in 2010 and now the Centers for Medicaid and Medicare Services (CMS) has launched a Compliance Review Program to ensure that HIPAA covered entities are abiding by the Administrative Simplification rules.
Artificial intelligence is all around us. Whether it exists in your iPhone as “Siri” or in complex machines that are detecting diabetic retinopathy, it is constantly growing and becoming a regular part of the modern day. As with any new technology, regulation surrounding artificial intelligence is becoming increasingly problematic. The question facing us now is how do we encourage further development without accidentally hindering its growth? Recently, the Food and Drug Administration has attempted to take steps toward further regulation of artificial intelligence by introducing a review process for medical artificial intelligence. This is just one instance of how regulation may affect the evolution of artificial intelligence.
In March 2019, the FDA issued a statement explaining that asbestos was found in certain cosmetic products sold at retail stores Claire’s and Justice. The Food, Drug, and Cosmetics Act (FDCA) has always granted the FDA similar authority to monitor cosmetic products for adulteration or misbranding as it does food. However, litigation in this area was notably silent. The FDA’s change in position on its authority is long overdue.
Despite all preventive measures that hospitals and health care systems put in place to stop data breaches from occurring, employees at these entities still have unsecured and unencrypted laptops, which are susceptible to cybersecurity attacks. A report from a cybersecurity protection organization stated that a majority of high-risk scenarios that occur in health care entities were due to unsecured laptops. These unsecured laptops can lead to massive data breaches and can result in hefty fines imposed by the Office of Civil Rights. Proper encryption, tracking software, and rarely leaving laptops unattended are a few ways that employees and organizations can help safeguard protected health information and prevent data breaches.
In addition to enforcement agencies attempting to tame the seemingly untameable world of cryptocurrency trading, agencies continue to tackle issues of market manipulation, including spoofing, as well as push into investigating international corruption in an effort to maintain economic and market integrity. As new developments emerge, compliance directors and operations associates will hopefully gain more guidance on coaching traders on exchange rules.
The Children’s Online Privacy Protection Act (“COPPA”) prohibits unfair or deceptive collection, use, and disclosure of the personal information of children on the internet. COPPA covers both website operators and app developers, and prevents collection of personal information without verified, written consent of parents. On February 27, 2019, the Federal Trade Commission (“FTC”) filed a complaint in U.S. District Court against TikTok, previously known as Musical.ly. The complaint alleged that Musical.ly knowingly violated COPPA when it collected data from children without written consent of parents. Musical.ly settled for $5,700,000.00, the largest civil penalty obtained by the FTC for violations of COPPA.
On March 12, 2019, the Department of Justice (“DOJ”) announced revisions of the Corporate Enforcement Policy in the Foreign Corrupt Practices Act. The changes now require company oversight of ephemeral messaging apps used by any employee, stockholder, or agent who discusses business records via the messaging platform. Publicly traded companies must now establish internal compliance policies to review use of ephemeral messaging services, provide ongoing oversight of the messaging services, and may want to completely prohibit the use of such messaging apps for business purposes.
Cook County General Administrative Order 18-1 pertains to the Standard HIPAA Qualified Protective Orders (QPO) that will be permitted in Cook County. These orders will only be allowed for cases that are in litigation where the Plaintiff and Plaintiff’s counsel authorize disclosure of a litigant’s protected health information (PHI). It also requires all entities who received PHI to either return the documents to the Plaintiff or destroy them at the end of the case. These changes mean that Plaintiff’s attorneys will see a change in the handling of Plaintiff’s medical records and other documents covered under the QPO containing PHI.
During Governor-elect J.B. Pritzker’s election campaign, he heavily advocated for Illinois to be more accommodating to recreational marijuana usage. In Illinois, medical marijuana has already been legalized, and new bills are being introduced to make it more accessible. If recreational marijuana is legalized, Illinois will join ten states, and the District of Columbia, in its authorization.
From Siri to Alexa, to deep learning algorithms, artificial intelligence (AI) has now become commonplace in most people’s lives. In a business context, AI has become an indispensable tool for businesses to utilize in accomplishing their goals. Due to the complexity of the algorithms required to make quick and complex decisions, a “black box problem” has emerged for those who utilize these increasingly elaborate forms of AI. The “black box” simply refers to the level of opacity that shrouds the AI decision-making process. While no current regulation explicitly bans or restricts the use of AI in decision-making processes, many tech experts argue that the black box of AI needs to be opened in order to deconstruct not only the technically intricate decision-making capabilities of AI, but the possible compliance-related problems this type of technology may cause.