Category: Privacy & Security

HIPAA May Not Be Enough to Protect Our Health Information

On March 1, 2019, the College of Healthcare Information Management Executives (“CHIME”) sent a six-page letter to Congress which discussed how technology has impacted health care costs. CHIME believes that too much money is being allocated towards making sure that health care organizations are complying with the Office of Civil Rights (“OCR”) and the Department of Health and Human Services (“HHS”) requirements, while not enough resources are being given towards actually protecting against cybersecurity attacks. The letter contains multiple suggestions for how patient data could be better protected, such as incentivizing health care organizations to implement more cybersecurity safety measures. However, many of CHIME’s proposals would require Congress to amend multiple provisions in acts, such as the Health Information Technology for Economic and Clinical Health Act of 2009 (“HITECH Act”).

Sunscreen Regulations: Providing Protection for Consumers and Difficulties for Manufacturers

In 2014, Congress passed the Sunscreen Innovation Act in the hopes of encouraging innovation for new sunscreen ingredients. Recently, the United States Food and Drug Administration (FDA) proposed new regulations regarding over-the-counter sunscreens to keep up with recent scientific and safety information. This proposal will be available for ninety days from its announcement on February 21, 2019, and addresses safety concerns of common sunscreen ingredients. Further, the proposal addresses the labeling of sunscreen, trying to make it easier for consumers to identify the product information. While this proposal seeks to alleviate safety concerns, the regulation could potentially make it more difficult for new ingredients to be approved.

Rush University Medical Center’s 2019 Privacy Breach Incident

In March 2019, Rush University Medical Center (“Rush University”) sent out breach notification letters to approximately 45,000 patients. The letter advises patients that a privacy incident occurred that may have involved the patients’ personal information. The privacy incident was caused by an employee of a third-party financial services vendor. The employee released a file that contained patient information to an unauthorized person. According to the breach notification letter, law enforcement and regulatory officials were involved in the investigation of the privacy incident. Rush University sent the breach notification letter in compliance with the Health Insurance Portability and Accountability Act’s privacy and security rules.

Facebook’s Watching… For Now

Ever since the Facebook and Cambridge Analytica scandal, concerns surrounding data privacy and protection have been growing. Both government agencies and individual users have been particularly concerned about how their data is being collected and used on social media websites such as Facebook. Germany has taken action in response to such concerns and recently took a step against Facebook’s collection of data in a decision that outlawed Facebook’s entire advertisement regime.

“On Demand” Abortions: Protection for Women’s Rights or Expansion of Late-Term Abortions?

With the recent change of New York’s abortion law, legislators granted women the affirmative right to abortions under the state’s public-health law. Under the Reproductive Health Act, restrictions on abortion past twenty-four weeks are removed, legalizing abortion up until the day of birth. This bill was passed on the 46th anniversary of the Roe v. Wade decision. The new bill comes as a reaction to the confirmation of conservative Supreme Court Justice Brett Kavanaugh, giving protection to women’s access to abortion if Roe v. Wade is overturned. Proving to be very controversial, the change has advocates and critics at odds with its potential future effects.

Amazon Go versus the GDPR

New data privacy regulations entail questioning both current and future technologies. Recently, Amazon has introduced a store concept that eliminates everyone’s least favorite things about shopping: long lines and small talk. Amazon Go is the grocery store of the future, and these stores allow consumers to walk in, pick up the items that they need, and then walk right back out. That’s it. No long lines, no cashiers, no shopping carts. However, as great as this concept seems, there are still concerns from a data privacy standpoint as Amazon needs to collect personal data from its consumers in order to be able to lawfully execute these checkout-less stores.

Impact of Provisions of Revised Rules of FDA-Regulated Clinical Investigations

The FDA regulations on human subject protection and Institutional Review Boards (IRBs) provide guidance to protect the rights, safety, and welfare of subjects who participate in FDA-regulated clinical investigations. The regulations conform with the requirements set forth by the Department of Health and Human Services (HHS) Federal Policy of Human Research Subjects (45 CFR 46, part A). In order to reduce confusion and burdens associated with complying with both the FDA regulations and the HHS policies regarding human subject protections, the FDA is revising the current “common rule”.

New SEC Report Cautions Public Companies to Safeguard Assets From Cyber Fraud

In the age of digitization, data seems less secure than ever. Public companies constantly attempt to safeguard both personal and financial data, yet their efforts fail due to new outbreaks of malicious encryption viruses and persistent email phishing attempts. Data breaches and cyber fraud carry severe financial implications for public companies that fall victim to these types of attacks. But a new Securities and Exchange Commission (SEC) report says that public companies that are easy targets of cyber scams could also be in violation of federal securities laws and accounting regulations that call for firms to safeguard their assets. Although the SEC has issued its warning to public companies about the compliance and financial risks posed by cyber fraud, many companies are still struggling to implement effective protections against newly evolved forms of cyber-attacks.

Stemming the Tide of Medical Information Data Breaches

Protected Health Information is seeing a surge of breaches on the cyber security front due to contractor error. It’s also impacting the most consumers in comparison to other data breaches and, in some cases, has the power to cause chaos in national infrastructure. Advances in technology and compliance measures can stem the tide and protect the most valuable information in consumers’ lives.

Electronic Health Record Compliance Measures Benefit Patient Centered Care

In a time when data breaches occur fairly frequently, whether it’s credit card information being stolen from department stores or a credit reporting bureau breach affecting hundreds of millions of customers, keeping personal information private seems to get harder every day. That fact may give patients pause when they are asked to sign up for an electronic health record account. A 2017 survey listed electronic health record management as one of patients’ top concerns. Changes in recent years have led to changes in compliance measures that make electronic health records security an added benefit to patients and ensure the continued increase of their adoption.