Tag: HIPAA

The Quiet Corporate Health Cybersecurity Struggle Playing Out in Plain Sight

Cyberattacks on the healthcare industry have reached a fever pitch. In 2020 alone, there was a drastic increase in healthcare organization cybersecurity breaches. In 2021, the average cost of a healthcare data breach increased by over $2 million to $9.23 million. Healthcare providers continue to be the most targeted industry for cybersecurity breaches, with over ninety-three percent of healthcare organizations experiencing a data breach over the past three years. 306 breaches of unsecured protected health information (“PHI”) impacting 500 or more individuals were reported to the U.S. Department of Health and Human Services (“HHS”) in 2020. Yet healthcare organizations continue to be ill-equipped to handle this growing problem.

Senate Brings Bipartisan Attempt to Update Health Privacy Regulations

On February 9, a group of senators led by Tammy Baldwin of Wisconsin and Bill Cassidy of Louisiana introduced a new bill, the Health Data Use and Privacy Commission Act (the “Act”), in an attempt to revitalize current legislation regarding the protection and use of health data. The bill also has the support of a number of representatives from within the healthcare industry, including Epic, IBM, and Teladoc Health, as well as a number of professional associations like the American College of Cardiology, the Association for Behavioral Health and Wellness, and the Association of Clinical Research Organizations.

Hospitals Across the Country at Serious Risk for Coordinated Ransomware Attacks

The Federal Bureau of Investigation (“FBI”), the Department of Health and Human Services (“HHS”), and the Department of Homeland Security Cybersecurity and Infrastructure Security Agency (“CISA”) recently announced that hackers have been targeting and will continue to target United States hospitals and health-care providers. These attacks are cyber in nature and often lead to ransomware attacks, data theft, and inevitable disruption of health care services when patient information is locked until the ransom can be paid.

COVID-19 Vaccine Passports and Privacy Concerns

As businesses begin to reopen and resume operations after the pandemic, there are discussions surrounding possible vaccine passports and the concerns about protecting individuals’ personal health information. COVID-19 vaccines are becoming more available within the country and more Americans feel safe to resume their normal lives. Many states and businesses are contemplating the idea of making vaccine passports a requirement for travel and large events. The Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) was created to protect personal health information. As other countries are beginning to require proof of vaccination, many are contemplating whether vaccine passports are permitted by HIPAA or if the requirement will actually violate the federal health privacy law.

Reproductive Health Data Privacy – A Right To Life

Following the Supreme Court decision to overturn Roe v. Wade on June 24, 2022, the Dobbs v. Jackson Women’s Health Organization ruling that gutted the long-established right to an abortion has been a constant focus, both inside and outside of the legal and healthcare communities. Notably, the ruling has remained a central focus within both the government, federal and state, and surrounding the tech sector. And these Dobbs-related conversations have a theme – the topic of health data privacy. But more specifically, discussions about data privacy surrounding reproductive healthcare.

Healthcare’s Red and Blue Pill: AI

Artificial Intelligence (AI) has gained widespread attention, often perceived as a buzzword. Recently, concerns about its potential dangers and issues with plagiarism have surfaced. However, AI holds immense promise for transforming industries reliant on data analysis and predictive algorithms, especially in healthcare. AI can significantly improve healthcare by aiding in diagnosis, optimizing patient outcomes, reducing costs, and saving time.

Meta Sued for Unlawful Collection of Patient Data

A recent class action lawsuit alleges Meta (the parent company of Facebook) used an illegal tracking tool to retrieve patient information from over 664 hospitals for marketing purposes. Meta and a handful of US-based hospitals have violated privacy laws such as HIPAA that control the means and methods for lawfully handling covered medical information. John Doe filed the case on June 17, 2022, in the U.S. District Court for the Northern District of California, seeking class action certification for a jury trial to recover compensatory damages and attorney’s fees.

Patient Privacy in the Post Roe Era

On June 24, 2022, the Supreme Court finally handed down its long-awaited opinion in Dobbs v. Jackson Women’s Health Organization. In this decision, the Court set aside nearly 50 years of precedent and unequivocally overruled Roe v. Wade, declaring that there is no Constitutional right to abortion. This decision will unsurprisingly change laws and significantly impact millions of people across the country. Although pro-choice activists have been bracing for this outcome and mobilizing to maintain access to abortions, they have to contend with a consideration that did not exist to the same magnitude the last time that abortion was illegal in the US: anti-abortion laws’ impact on data privacy.

The Case for Expanding Privacy Protections in a Post-Roe World

In Dobbs v. Jackson Women’s Health Organization (Dobbs), the US Supreme Court ruled that abortion is not a fundamental right protected by the Constitution. This decision resulted in additional abortion protections in California, Michigan, and Vermont, and prompted many patients, providers, regulators, and tech companies to rethink data privacy. However, because most abortions are still banned in at least 13 states, this patchwork of state abortion laws, combined with the lack of any sufficient national privacy law, puts patient privacy at risk.

A Collaborative Effort in Defeating Healthcare Cyber Attacks

In an effort to improve cybersecurity in the healthcare sector, a bipartisan bill was introduced in Congress on September 13, 2022, by Republican Brian Fitzpatrick of Pennsylvania and Democrat Jason Crow of Colorado. The Healthcare Cybersecurity Act relies on a partnership between the Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Health and Human Services (HHS) to work together in improving cybersecurity in the healthcare sector. The Act has been introduced as a result of record-high increases in health data breaches across the country over the last several years. The goal is to provide resources for training and heighten efforts taken across the nation to mitigate cybersecurity risk. The Act would not only improve patient care but also save healthcare costs by taking a proactive approach.