HIPAA & Health Information
The capabilities of generative artificial intelligence (AI) could completely transform our healthcare system as we know it. For better or for worse, the technology advancements in healthcare are rapidly growing. Given the accelerated rollout, experts have yet to predict all the risks associated with such high-functioning computations in the healthcare system. Even though the Food and Drug Administration (FDA) regulates software being used as medical devices (SaMD), there is an overall lack of urgency, agency oversight, and sufficient regulations to tame AI technology in the healthcare system.
Following the Supreme Court decision to overturning Roe v. Wade on June 24, 2022, the Dobbs v. Jackson Women’s Health Organization ruling that gutted the long-established right to an abortion has been a constant focus, both inside and outside of the legal and healthcare communities. Notably, the ruling has remained a central focus within both the government, federal and state, and surrounding the tech sector. And these Dobbs-related conversations have a theme – the topic of health data privacy. But more specifically, discussions about data privacy surrounding reproductive healthcare.
Ransomware attacks are one of the largest threats to the healthcare industry and a tough cybersecurity problem to address. From 2016-2021, there were almost 400 ransomware attacks on healthcare organizations in the US. It is estimated that such attacks exposed the personal healthcare data of over 40 million patients. Since these attacks cannot typically be resolved without paying the ransom, it is important to invest in preventative measures to protect healthcare data from potential breach.
In June 2022, a nonprofit news site called The Markup released a report stating that hospitals using Meta Pixel may be releasing patient data to Meta Platforms, Inc. (previously Facebook, Inc.). Since this report was released, many of the hospitals identified in the report removed pixel technology from their websites. In addition, some hospitals have released public breach notices and reported potential data privacy breaches to the US Department of Health and Human Services (HHS) Office of Civil Rights (OCR). Most recently, on October 20, 2022, Advocate Aurora Health, a large health system located in the Midwest, released a notice publicly announcing its potential pixel breach, which may affect as many as three million patients.
In an effort to improve cybersecurity in the healthcare sector, a bipartisan bill was introduced in Congress on September 13, 2022, by Republican Brian Fitzpatrick of Pennsylvania and Democrat Jason Crow of Colorado. The Healthcare Cybersecurity Act relies on a partnership between the Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Health and Human Services (HHS) to work together in improving cybersecurity in the healthcare sector. The Act has been introduced as a result of record high increases in health data breaches across the country over the last several years. The goal is to provide resources for training and heighten efforts taken across the nation to mitigate cybersecurity risk. The Act would not only improve patient care but save healthcare cost by taking a proactive approach.
A privacy class action that first exploded in September of this year highlights consumers suing a handful of companies for violating the federal Video Privacy Protection Act. The multitude of class actions hold the Meta Platforms Inc’s Pixel tracking tool accountable for the tracking of consumer data from online platforms. News outlets, sports organizations, and streaming services are all facing lawsuits related the alleged complaints.
On June 24, the Supreme Court officially overturned Roe v. Wade. In doing so, it declared that there was no longer a constitutional right to abortion, allowing state police power to determine its legality. Immediately after this decision, trigger laws went into effect across a quarter of the states, making abortions illegal. Post Dobbs, information collected on personal devices, especially through period-tracking and telemedicine apps, is at risk of being exposed and utilized as criminal evidence.
Amanda Scott Associate Editor Loyola University Chicago School of Law, JD 2024 In June 2022, a draft of a bipartisan bicameral bill known as the American Data Privacy and Protection Act was introduced. This bill was proposed as a replacement to current laws to further protect and strengthen federal data privacy and protection regulations. This …
A recent class action lawsuit alleges Meta (the parent company of Facebook) used an illegal tracking tool to retrieve patient information from over 664 hospitals for marketing purposes. Meta and a handful of US-based hospitals have violated privacy laws such as HIPAA that control the means and methods for lawfully handling covered medical information. John Doe filed the case on June 17, 2022, in the U.S. District Court for the Northern District of California, seeking class action certification for a jury trial to recover compensatory damages and attorney’s fees.
On June 24, 2022, the Supreme Court finally handed down its long-awaited opinion in Dobbs v. Jackson Women’s Health Organization. In this decision, the Court set aside nearly 50 years of precedent and unequivocally overruled Roe v. Wade, declaring that there is no Constitutional right to abortion. This decision will unsurprisingly change laws and significantly impact millions of people across the country. Although pro-choice activists have been bracing for this outcome and mobilizing to maintain access to abortions, they have to contend with a consideration that did not exist to the same magnitude the last time that abortion was illegal in the US: anti-abortion laws’ impact on data privacy.