Healthcare Needs More Hackers: A Discussion with Ilona Cohen
Ethical hackers are becoming crucial allies in the battle against healthcare data breaches and ransomware attacks. In the twelfth episode of Sheppard Mullin’s Health-e Law Podcast, Ilona Cohen, Chief Legal Officer and Chief Policy Officer of HackerOne, delved into the pressing issue of cybersecurity in the healthcare sector and the pivotal role that ethical hacking may play, with Sheppard Mullin’s Phil Kim, Sara Shanti, and Michael Sutton.
Privacy and Data Security
Do You Catch Our Drift? Navigating the Waters of Offshoring and Patient Data
With technology rapidly evolving and jurisdictions appearing blurred, it is increasingly important to be mindful of data flow and use. This is particularly true where patient data is being accessed by offshore subcontractors.
Assessing Data Assets in Healthcare: A Discussion with Arti Bedi Pullins
Gradually, data is being recognized as an asset in an increasingly data-hungry healthcare industry. In the tenth episode of Sheppard Mullin’s Health-e Law Podcast, Arti Bedi Pullins, President and Chief Healthcare Officer at QuestionPro, discusses how industry players can recognize the value of data as an asset with Sheppard Mullin’s Digital Health Team co-chairs, Sara Shanti and Phil Kim.
Caught in the Web: Hospital Associations Sue OCR on Third-Party Web Tracking Guidance
On November 2, 2023, the American Hospital Association and Texas Hospital Association, in conjunction with the Texas Health Resources and United Regional Health Care System, filed suit against the Secretary of the Department of Health and Human Services (“HHS”) and the Director of the HHS Office for Civil Rights (“OCR”) regarding OCR’s guidance on the use of online tracking technologies by HIPAA entities.[i] This action and its results will impact how healthcare entities must protect and may use certain information collected on their digital sites.
State Privacy Law Roundup: What Health Care Companies Need to Know
As more and more states enact privacy laws, organizations in the health care industry may be wondering what impact these laws will have on them. At this point, there are privacy laws in 12 states, with one more (Delaware) likely to be signed by the governor soon. Those laws are in California, Colorado, Connecticut, Florida, Indiana, Iowa, Montana, Oregon, Tennessee, Texas, Utah, and Virginia. (There is also a new law in Delaware currently pending the governor’s signature.) Not all are in effect. Only the laws in California, Connecticut, Colorado and Virginia are effective. The others will go into effect between December of this year and 2026, as follows:
FTC Proposes Changes to Health Breach Notification Rule Clarifying Application to Health and Wellness Apps
In May, the Federal Trade Commission (“FTC”) proposed changes (the “Proposed Rule”) to the Health Breach Notification Rule (the “Rule”),[1] which, among other items, emphasize that the Rule applies to mobile health applications and related technologies that use or otherwise compile consumers’ health information.[2] While the FTC’s position on this point is not entirely new,[3] industry interpretations of the Rule have been inconsistent.
Texas is Making Moves on a Comprehensive Consumer Privacy Law
Texas is joining a growing number of states in passing comprehensive privacy legislation intended to safeguard consumer personal data.[1] Specifically, the Texas Data Privacy and Security Act (the “Act”) adds protections for consumers[2] and their personal data, which includes any information that is linked or reasonably linkable to an identified or identifiable individual.[3]
Web Tracking Creates a Web of Data Privacy Risks
Regulatory enforcement and large-scale litigation relating to the use of third-party trackers on companies’ websites and applications have been on the rise. Tracking often occurs without the companies’ knowledge or consent. Third-party tracking on hospital and provider websites has specifically garnered notable media attention. Recently, there has been significant activity by the Federal Trade Commission (“FTC”) under the Health Breach Notification Rule for unauthorized sharing of personal information. The FTC has begun to penalize such violations and impose steep corrective actions, including long-lasting future restrictions.