Privacy and Data Security

Subscribe to Privacy and Data Security via RSS

In an era where cyber threats are escalating, healthcare has emerged as a critical battleground for security. Its significance has become increasingly crucial as the intersection of healthcare, cybersecurity, and technology permeates every aspect of our lives. In the fifteenth episode of Sheppard Mullin’s Health-e Law Podcast, Jonathan Meyer, former General Counsel of the Department of Homeland Security and current partner at Sheppard Mullin, offers a deep dive into the implications of cybersecurity threats on the healthcare industry as well as national security.Continue Reading Healthcare Security is Homeland Security: A Discussion with Jonathan Meyer

The proposed New York Health Information Privacy Act (NYHIPA), currently awaiting Governor Kathy Hochul’s signature, represents a major step in the state’s approach to protecting personal health data in the digital age. At its core, the bill aims to establish stronger privacy protections and restrict the use and sale of health-related data without explicit user consent. Supporters see it as a necessary evolution of data privacy laws, addressing gaps in federal regulations like HIPAA and responding to growing consumer concerns.Continue Reading New York’s Health Information Privacy Act: A Turning Point for Digital Health or a Roadblock to Innovation?

Cyberattacks on healthcare organizations are on the rise, with the number of affected individuals nearly tripling between 2022 and 2024, according to data compiled by the Department of Health and Human Services Office for Civil Rights (“OCR”).[1] OCR data also reveals a 239% and 278% increase in hacking incidents and ransomware attacks, respectively, between January 2018 and September 2023.Continue Reading New York Adopts Comprehensive Hospital Cybersecurity Requirements

The Centers for Medicare & Medicaid Services (“CMS”) and its contractor, Wisconsin Physicians Service Insurance Corporation (“WPS”), recently notified over 940,000 Medicare beneficiaries of a data breach that has potentially exposed their protected health information (“PHI”) and personally identifiable information (“PII”). CMS reported on the breach portal of the U.S. Department of Health and Human Services (“HHS”) that the total number of impacted people was 3,112,815 individuals.Continue Reading Over 940,000 Medicare Beneficiaries Impacted by Data Breach

Ethical hackers are becoming crucial allies in the battle against healthcare data breaches and ransomware attacks. In the twelfth episode of Sheppard Mullin’s Health-e Law Podcast, Ilona Cohen, Chief Legal Officer and Chief Policy Officer of HackerOne, delved into the pressing issue of cybersecurity in the healthcare sector and the pivotal role that ethical hacking may play, with Sheppard Mullin’s Phil Kim, Sara Shanti, and Michael Sutton.Continue Reading Healthcare Needs More Hackers: A Discussion with Ilona Cohen

With technology rapidly evolving and jurisdictions appearing blurred, it is increasingly important to be mindful of data flow and use. This is particularly true where patient data is being accessed by offshore subcontractors.Continue Reading Do You Catch Our Drift? Navigating the Waters of Offshoring and Patient Data

Gradually, data is being recognized as an asset in an increasingly data-hungry healthcare industry. In the tenth episode of Sheppard Mullin’s Health-e Law Podcast, Arti Bedi Pullins, President and Chief Healthcare Officer at QuestionPro, discusses how industry players can recognize the value of data as an asset with Sheppard Mullin’s Digital Health Team co-chairs, Sara Shanti and Phil Kim.Continue Reading Assessing Data Assets in Healthcare: A Discussion with Arti Bedi Pullins

On November 2, 2023, the American Hospital Association and Texas Hospital Association, in conjunction with the Texas Health Resources and United Regional Health Care System, filed suit against the Secretary of the Department of Health and Human Services (“HHS”) and the Director of the HHS Office for Civil Rights (“OCR”) regarding OCR’s guidance on the use of online tracking technologies by HIPAA entities.[i] This action and its results will impact how healthcare entities must protect and may use certain information collected on their digital sites.Continue Reading Caught in the Web: Hospital Associations Sue OCR on Third-Party Web Tracking Guidance

As more and more states are enacting privacy laws, organizations in the health care industry may be wondering what the impact these laws will have on them. At this point, there are privacy laws in 12 states, with one more (Delaware) likely to be signed by the governor soon. Those laws are in California, Colorado, Connecticut, Florida, Indiana, Iowa, Montana, Oregon, Tennessee, Texas, Utah, and Virginia. (There is also a new law in Delaware currently pending the governor’s signature). Not all are in effect. Only the laws in California, Connecticut, Colorado and Virginia are effective. The others will go into effect between December of this year and 2026, as follows:Continue Reading State Privacy Law Roundup: What Health Care Companies Need to Know

In May, the Federal Trade Commission (“FTC”) proposed changes (the “Proposed Rule”) to the Health Breach Notification Rule (the “Rule”),[1] which, among other items, emphasize that the Rule applies to mobile health applications and related technologies that use or otherwise compile consumers’ health information.[2] While the FTC’s position on this point is not entirely new,[3] industry interpretations of the Rule have been inconsistent.Continue Reading FTC Proposes Changes to Health Breach Notification Rule Clarifying Application to Health and Wellness Apps