Privacy & Security
In March 2019, Rush University Medical Center (“Rush University”) sent out breach notification letters to approximately 45,000 patients. The letter advises patients that a privacy incident occurred that may have involved the patients’ personal information. The privacy incident was caused by an employee of a third-party financial services vendor. The employee released a file that contained patient information to an unauthorized person. According to the breach notification letter, law enforcement and regulatory officials were involved in the investigation of the privacy incident. Rush University sent the breach notification letter in compliance with the Health Insurance Portability and Accountability Act’s privacy and security rules.
On January 29, 2019, TechCrunch released an investigation finding that Facebook had been paying users as young as 13 for unlimited access to their data. Facebook marketed the application, not available through the iOS app store, to users aged 13-to-35 by offering to pay $20 per month plus referral fees for downloading and using a “Facebook Research” app. The app, once downloaded, provided Facebook with unrestricted access to all private data on the users iPhone including messages, photos and videos, and website usage. This was not the first app launched by Facebook to track user’s data, Apple removed a similar app called Onavo from the app store in 2018. This app is a clear violation of the 2011 consent decree Facebook signed with the Federal Trade Commission.
Ever since the Facebook and Cambridge Analytica scandal, concerns surrounding data privacy and protection have been growing. Both government agencies and individual users have particularly been concerned on how their data is being collected and used on social media websites such as Facebook. Germany has taken action in response to such concerns and recently took a step against Facebook’s collection of data in a decision that outlawed Facebook’s entire advertisement regime.
With the recent change of New York’s abortion law, legislators granted women the affirmative right to abortions under the state’s public-health law. Under the Reproductive Health Act, restrictions on abortion past twenty-four weeks are removed legalizing abortion up until the day of birth. This bill was passed on the 46th anniversary of the Roe v. Wade decision. The new bill comes as a reaction to the confirmation of conservative Supreme Court Justice Brett Kavanaugh, giving protection to women’s access to abortion if Roe v. Wade is overturned. Proving to be very controversial, the change has advocates and critics at odds with its potential future effects.
New data privacy regulations entail questioning both current and future technologies. Recently, Amazon has introduced a store concept that eliminates everyone’s least favorite things about shopping, long lines and small talk. Amazon Go is the grocery store of the future and these stores allow consumers to walk in, pick up the items that they need, and then walk right back out. That’s it. No long lines, no cashiers, no shopping carts. However, as great as this concept seems, there are still concerns from a data privacy standpoint as Amazon needs to collect personal data from its consumers in order to be able to lawfully execute these checkout-less stores.
On September 12, 2018, the European Parliament approved amendments to the Directive on Copyright in the Digital Single Market, commonly known as the EU Copyright Directive (the “Directive”). The amendments primarily cover copyright protection over internet resources. There are two parts of the Directive that have caused concern: Articles 11 and 13. Article 11, also referred to as the “link tax,” provides publishers with a method to collect revenue from news content shared online. Article 13, also referred to as the “upload filter,” holds Internet platforms, such as Facebook and Twitter, liable for copyright infringement committed by users. Together, large and small platform providers that would have to comply with these new regulations have declared that the enactment of these articles places a heavier burden on service providers. Critics of these amendments also say the requirements are likely to lead to increased taxation and more lawsuits. The final vote on the directive is scheduled for January 2019.
The FDA regulationson human subject protection and Institutional Review Boards(IRBs) provide guidance to protect the rights, safety, and welfare of subjects who participate in FDA-regulated clinical investigations. The regulations conform with the requirements set forth by the Department of Health and Human Services (HHS) Federal Policy of Human Research Subjects(45 CFR 46, part A). In order to reduce confusion and burdens associated with complying with both the FDA regulations and the HHS policies regarding human subject protections, the FDA is revising the current “common rule”.
Immediately upon introduction, mobile medical applications became favored by physicians and patients alike because the applications are user friendly and allow the patient to understand their care and participate in more meaningful discussions with their provider about their health. Due to the rapid development of technology and, as a result, a surge of mobile medical applications flooding the market, the Food and Drug Administration has issued three guidances on how they plan to regulate mobile medical applications. In order for mobile medical application manufacturers to remain compliant with the FDA guidances, they must meet the seven categories of requirements that are laid out in Appendix E of FDA’s 2015 guidance and also comply with any further guidance that is released.
Direct-to-consumer genetic testing kits have exploded in popularity over the last decade. Ancestry.com and 23andMe proudly state they have had ten million and five million customers, respectively, using their DNA testing services. One study projects that improvements in technology and popularity will cause DNA testing to increase tenfold by 2021. Many experts in the field of genetics and bioethics have expressed concern regarding the ability of regulators and privacy infrastructure to keep pace with the expansion of these types of genetic services. We may not be at a point where we understand the full implications of having such large banks of genetic information, but here are five reasons to be concerned.
Protected Health Information is seeing a surge of breaches on the cyber security front due to contractor error. It’s also impacting the most consumers in comparison to other data breaches and, in some cases, has the power to cause chaos in national infrastructure. Advances in technology and compliance measures can stem the tide and protect the most valuable information in consumers lives.