Artificial intelligence (AI) is a simulation of human intelligence that is subsequently processed by machines. It has revolutionized the healthcare space by improving patient outcomes in a variety of ways. It has also begun to leave a positive impact on health systems and hospitals as healthcare worker burnout remains on the rise. However, there are significant legal challenges that accompany its groundbreaking nature. Hospitals and health systems have a duty to mitigate these legal challenges and understand that AI should be used as a supplement, not a replacement, to human intelligence.
Ransomware attacks are one of the largest threats to the healthcare industry and a tough cybersecurity problem to address. From 2016 to 2021, there were almost 400 ransomware attacks on healthcare organizations in the US. It is estimated that such attacks exposed the personal healthcare data of over 40 million patients. Since these attacks cannot typically be resolved without paying the ransom, it is important to invest in preventative measures to protect healthcare data from potential breaches.
On February 9, a group of senators led by Tammy Baldwin of Wisconsin and Bill Cassidy of Louisiana introduced a new bill, the Health Data Use and Privacy Commission Act (the “Act”), in an attempt to revitalize current legislation regarding the protection and use of health data. The bill also has the support of a number of representatives from within the healthcare industry, including Epic, IBM, and Teladoc Health, as well as a number of professional associations like the American College of Cardiology, the Association for Behavioral Health and Wellness, and the Association of Clinical Research Organizations.
On March 12, 2019, the Department of Justice (“DOJ”) announced revisions of the Corporate Enforcement Policy in the Foreign Corrupt Practices Act. The changes now require company oversight of ephemeral messaging apps used by any employee, stockholder, or agent who discusses business records via the messaging platform. Publicly traded companies must now establish internal compliance policies to review use of ephemeral messaging services and provide ongoing oversight of the messaging services, and may want to completely prohibit the use of such messaging apps for business purposes.
Every day, thousands of gigabytes of data flow around the world. Transfers between consumers and producers make up a large portion of that data. There has been talk recently of the commercialization of said data, such as Facebook and Google selling their users’ data to third parties. These third parties are more than willing to pay large sums for this information, as it provides actionable data on consumer trends, such as their likes and dislikes. This data can be used by companies to shift their marketing strategies to capture a greater market share. For the e-commerce retailer, whether large or small, this data can be valuable as a resource and a commodity. As such, knowing what you can and cannot do with the data is important. Here, we will be discussing Data Management risks when it comes to the collection of consumer data.
In the last month, multiple large-scale data breaches were reported by various entities, with 3 breaches reported in the past week alone. Unfortunately, even the most well-known entities do not stand a chance against the increasing technological abilities of bad actors. Since the Equifax breach in early September, Whole Foods, Sonic, Deloitte and the Securities Exchange Commission, among others, had similar large-scale breaches affecting consumers across the country.
Illinois’ Personal Information Protection Act (“PIPA”) became effective on January 1, 2017. Illinois is just one of many states that recently strengthened their data breach notification systems and created data security laws to enhance protection of personal information. Like other state provisions, Illinois created stronger safeguards for personal information transmitted electronically. This act requires that all personal information provided electronically must be encrypted or redacted. The amendments to PIPA (1) broadened the statute’s definition of personal information; (2) clarified the safe harbor for encryption; (3) addressed required notification to residents after a breach; and (4) established limited exemptions.
Amanda Bogle, Executive Editor, Loyola University Chicago School of Law, JD 2017

When a data breach occurs in an organization, determining whether there is a duty to notify can get complicated quickly. In investigating a breach, the specific facts of the incident become extremely important, as not every breach will require notification. The residency …