Category: Privacy & Security

Patient Privacy in the Post Roe Era

On June 24, 2022, the Supreme Court finally handed down its long-awaited opinion in Dobbs v. Jackson Women’s Health Organization. In this decision, the Court set aside nearly 50 years of precedent and unequivocally overruled Roe v. Wade, declaring that there is no Constitutional right to abortion. This decision will unsurprisingly change laws and significantly impact millions of people across the country. Although pro-choice activists have been bracing for this outcome and mobilizing to maintain access to abortions, they have to contend with a consideration that did not exist to the same magnitude the last time that abortion was illegal in the US: anti-abortion laws’ impact on data privacy.

Senate Brings Bipartisan Attempt to Update Health Privacy Regulations

On February 9, a group of senators led by Tammy Baldwin of Wisconsin and Bill Cassidy of Louisiana introduced a new bill, the Health Data Use and Privacy Commission Act (the “Act”), in an attempt to revitalize current legislation regarding the protection and use of health data. The bill also has the support of a number of representatives from within the healthcare industry, including Epic, IBM, and Teladoc Health, as well as a number of professional associations like the American College of Cardiology, the Association for Behavioral Health and Wellness, and the Association of Clinical Research Organizations.

The Quiet Corporate Health Cybersecurity Struggle Playing Out in Plain Sight

Cyberattacks on the healthcare industry have reached a fever pitch. In 2020 alone, there was a drastic increase in healthcare organization cybersecurity breaches. In 2021, the average cost of a healthcare data breach increased by over $2 million to $9.23 million. Healthcare providers continue to be the most targeted industry for cybersecurity breaches, with over ninety-three percent of healthcare organizations experiencing a data breach over the past three years. 306 breaches of unsecured protected health information (“PHI”) impacting 500 or more individuals were reported to the U.S. Department of Health and Human Services (“HHS”) in 2020. Yet healthcare organizations continue to be ill-equipped to handle this growing problem.

The Explosion of Remote Patient Monitoring in the Wake of COVID-19

The COVID-19 pandemic has fundamentally changed many aspects of healthcare delivery. Most notably, the pandemic increased the demand for digital health services. Telemedicine saw ten years’ worth of expansion in one year, but it was not the only digital health service that exploded as a result of the pandemic. Telehealth has evolved from merely meeting with a provider via a video conference to include more sophisticated technologies. Remote Patient Monitoring (“RPM”) allows for providers to collect patient data without the patient having to go to a healthcare facility for monitoring. RPM can improve the quality of healthcare delivery by more closely monitoring a patient while also reducing patient volumes within a healthcare setting. In addition, because RPM allows patients to get more care at home, it can largely reduce costs to the patient and the payor while increasing access. Despite the many benefits associated with RPM, there are considerable risks and compliance issues.

Will the Silver Lining Fade? The Pros and Cons of Teletherapy & Behavioral Telehealth

Joanna Shea, Associate Editor, Loyola University Chicago School of Law, JD 2022

A common topic of COVID-adjacent conversation these days is the ‘silver lining’ – unexpected positives resulting from the dark grey cloud that has claimed over half a million lives in the United States. Emergency adaptation measures taken by industries otherwise slow to modernize …

President Biden’s COVID-19 Data-Driven Executive Order to Promote Health Equity

President Joe Biden has issued a number of Executive Orders, many of which address the ongoing COVID-19 public health emergency. On January 21, 2021, President Biden released another pillar of his Administration’s long-term plan to direct the United States out of the throes of the pandemic. The twelfth Executive Order titled, “Ensuring a Data-Driven Response to COVID-19 and Future High-Consequence Public Health Threats” orders the Department of Health and Human Services (“HHS”) Secretary Alex Azar to conduct a nationwide review of the interoperability of public health data systems in an effort to enhance the collection, sharing, analysis, and collaboration of de-identified patient data.

How Federal Data Privacy Regulation Could Help Curb the COVID-19 Pandemic

It cannot be denied that the COVID-19 pandemic has led to many novel legal and regulatory issues. One topic of major concern both domestically and abroad is how to manage the massive amounts of consumer data being collected in the attempt to quell the spread of the virus. This issue is especially complicated to address in the United States, where a convoluted patchwork of state and federal laws interact to create a relentlessly fragmented data regulation system. Now, as state and local governments, along with tech giants like Apple and Google, continue to roll out contact tracing applications, the need for comprehensive data privacy regulation is more pressing than ever.

Telehealth in the Age of COVID-19

The Health Insurance Portability and Accountability Act – enacted in 1996 by the U.S. Congress and signed by then-President Bill Clinton – has long served to maintain the standards of electronic health records and patient privacy, among many other provisions. Violating HIPAA can result in both criminal prosecution as well as steep civil penalties. As the healthcare industry transitioned from the use of paper records to storing patient data on electronic health records over the last two decades, health organizations have learned to adapt to HIPAA compliance, with many increasing their compliance programs by hiring full-time compliance officers, designating an individual as the compliance manager, and/or appointing a compliance committee within the organization.

Congress Introduces the Smartwatch Data Act

On November 18th, 2019, Congress introduced the Stop Marketing and Revealing the Wearables and Trackers Consumer Health Data Act, known as the Smartwatch Data Act. The Smartwatch Data Act was introduced by Democratic Senator Jacky Rosen and Republican Senator Bill Cassidy, due to Google’s desire to acquire fitness tracker manufacturer Fitbit in 2020. Since notice of this acquisition, privacy advocates have raised concerns about how Google will use personal health data collected through Fitbit devices. Therefore, this legislation aims to ensure that health data collected through fitness trackers, smartwatches, and health apps cannot be sold without consumer consent.

HIPAA And The Growth Of Technology

Earlier in 2019, a lawsuit was filed against University of Chicago Medicine, University of Chicago Medical Center, and Google. The suit claims that patient information was shared with Google as part of a study aimed at advancing the use of Artificial Intelligence; however, patient authorization was not obtained and the data used was not properly de-identified. In 2017, University of Chicago (UChicago) Medicine started sending patient data to Google as part of a project to see whether historical health record data could be used to predict future medical events.