Journal of Regulatory Compliance
Earlier in 2019, a lawsuit was filed against University of Chicago Medicine, University of Chicago Medical Center, and Google. The suit claims that patient information was shared with google as part of a study aimed to advance the use of Artificial Intelligence, however, patient authorization was not obtained and the data used was not properly de-identified. In 2017, University of Chicago (UChicago) Medicine started sending patient data to Google as part of a project to look to see if historical health record data could be used to predict future medical events.
Ever since the Facebook and Cambridge Analytica scandal, concerns surrounding data privacy and protection have been growing. Both government agencies and individual users have particularly been concerned on how their data is being collected and used on social media websites such as Facebook. Germany has taken action in response to such concerns and recently took a step against Facebook’s collection of data in a decision that outlawed Facebook’s entire advertisement regime.
The Common Rule, the Federal policy protecting human subjects of biomedical and behavioral research, was published in 1991. The process to update the policy has taken place over the last several years, leading to the final rule revisions which were effective as of July 19, 2018. After January 20, 2019, institutions are now permitted to implement the entirety of the revised Common Rule. Any institution receiving funds, supervision, or review from any of the twenty Federal Departments and Agencies that have codified the Common Rule must implement this revised rule in their compliance programs.
New data privacy regulations entail questioning both current and future technologies. Recently, Amazon has introduced a store concept that eliminates everyone’s least favorite things about shopping, long lines and small talk. Amazon Go is the grocery store of the future and these stores allow consumers to walk in, pick up the items that they need, and then walk right back out. That’s it. No long lines, no cashiers, no shopping carts. However, as great as this concept seems, there are still concerns from a data privacy standpoint as Amazon needs to collect personal data from its consumers in order to be able to lawfully execute these checkout-less stores.
Protected Health Information is seeing a surge of breaches on the cyber security front due to contractor error. It’s also impacting the most consumers in comparison to other data breaches and, in some cases, has the power to cause chaos in national infrastructure. Advances in technology and compliance measures can stem the tide and protect the most valuable information in consumers lives.
In a time when data breaches occur fairly frequently, whether it’s credit card information being stolen from department stores or a credit reporting bureau breach affecting hundreds of millions of customers, keeping personal information private seems to get harder every day. That fact may give patients pause when they are asked to sign up for an electronic health record account. A 2017 survey listed electronic health record management as one of patients top concerns. Changes in recent years have led to changes in compliance measures that make electronic health records security an added benefit to patients and ensure the continued increase of their adoption.
In a world where our reliance on technology and the cloud is increasing exponentially, data security’s growth has stagnated. The European Union (EU) passed the General Data Protection Regulation (GDPR) in hopes of ensuring that consumer data is protected and not harbored by businesses. The effects of the GDPR, however, have passed the borders of the European Union. In a world where our actions extend internationally with just the click of a button, the GDPR’s impact circles the globe as well. The GDPR has pushed for a shift in data privacy and regulation for companies within and outside of the EU as it holds to protect European citizens, no matter where they are in the world. This international reach has not only created forces to drive U.S. companies to comply, but states within the U.S. are now creating GDPR-inspired laws to protect their own citizens. The GDPR has started a trend that will soon become the norm and finally push compliance to keep up with the exponential growth of technology.
With less than a week left in the semester, the Journal of Regulatory Compliance editors are hard at work studying for exams, gearing up for summer jobs, or eagerly awaiting graduation. However, before we shutter INSIDE COMPLIANCE for the summer session, I want to take this opportunity to look back over the past year, and how much our members have accomplished.
The Journal of Regulatory Compliance is a young law journal, even for Loyola University Chicago School of Law. It’s only been a few years since our first annual symposium, and the debut of the Center for Compliance Studies here at Loyola University Chicago School of Law. In many ways, this year was an experiment—we debuted a new Board structure, a new editorial process, a new blog format and a new time of year for our Symposia. Despite that uncertainty, the 30-plus members of the Journal of Regulatory Compliance have accomplished extraordinary things.
Despite the United States having one of the safest food supplies in the world, more than 48 million Americans get sick from foodborne illnesses and diseases each year, and more than 128,000 are hospitalized and 3,000 die from similar issues that are largely preventable. On January 04, 2011 President Obama signed the Food Safety Modernization Act (“FSMA”) into law. This enactment was called the “most sweeping reform” of U.S. Food Safety laws in more than seventy years. But seven years later, the act is still only partially enforced as the FDA has faced resistance from the government as well as a lack of funding. The FMSA was and is intended to enable the FDA to protect the health of the public by strengthening the food system in the United States. While change and reform in the industry are necessary, what good are new reforms if they will not be enforced for years to come?
Modern business thinking has come to accept that reputation is as important as financials. As investors look for companies that demonstrate this understanding, compliance professionals are in a unique position to make their companies more appealing.