Regulations

Switzerland's Revised Data Protection Act

The Swiss Federal Act on Data Protection (FADP) has been in effect since September 1, 2023. This legislation closely mirrors the European Union's General Data Protection Regulation (GDPR). Among its provisions, companies not based in Switzerland are, in certain situations, required to designate a data protection representative within the country. The act also establishes fresh guidelines for reporting data breaches. However, there are still notable differences between the FADP and the GDPR.

Click to read more

Will the EU - U.S. Data Privacy Framework Endure ?


The predecessors of the Data Privacy Framework (DPF), the Safe Harbor framework and the Privacy shield, were legally challenged by Max Schrems, a privacy activist before the Court of Justice of the European Union (CJEU). The CJEU faulted these two frameworks for failing to ensure safeguards against exceeding surveillance in a democratic society. The DPF might meet a similar end, especially if Max Schrems decides to challenge it again. However, this time, it might not stand up to scrutiny.

Click to read more

HIPAA's True Reach On Health Data


The reach of HIPAA is not all-encompassing. It doesn't cover data that individuals produce and disseminate on their own, such as consumer-generated data. Its jurisdiction is primarily over entities like hospitals and medical practices. Third-party associates, including subcontractors, health plans, insurance firms, and individual physician providers, also fall under its purview. For optimal data protection, it's advised that patients utilize platforms like the hospital's data portal and avoid distributing their information beyond secure infrastructures.

Click to read more

Germany's Upcoming Legislation On Health Data Usage


The German Data Protection Conference (DSK), an independent body made up of German Data Protection Authorities, has released their view on a draft bill concerning the usage of health data. It seems the draft neglects certain data protection standards, including the rights of the data subjects, the principle of storage limitation (by omitting stipulations for a maximum storage duration), and the lack of proper measures and protections for the benefit of data subjects. In response to these issues, the DSK has suggested several amendments to the bill.

Click to read more

PETs - Privacy Enhancing Technologies

Introducing The Innovative PET Act: A New Paradigm ?


In the U.S., lawmakers from both parties have presented a bill focused on Privacy Enhancing Technology (PET). Named the PET Research Act, its purpose revolves around fostering the growth of PETs. This legislation champions a partnership between the National Science Foundation (NSF) and the National Institute of Standards and Technology (NIST) to advance the creation, implementation, and widespread use of PETs. Additionally, the act seeks to enhance inter-agency collaboration to encourage ethical data practices. A significant component of the bill emphasizes establishing standardization for PETs, targeting the creation of consistent practices and technical standards across both private and public sectors.

Click to read more

Artificial Intelligence

AI's Ability To Decode Pseudonymized Data: Exploring The Dangers


AI might challenge data privacy. By merging multiple data sets, AI can potentially decode pseudonymized data, a phenomenon known as the mosaic effect. This allows AI to detect patterns and pinpoint individual identities. Anonymizing the data could reduce reidentification risks. Additionally, instead of relying on consent or contracts, it's advised to use legitimate interest as the foundation for data collection.

Click to read more

Is AI-Generated Data Truly Authentic ?


Synthetic data, also known as AI-generated data, is derived from patient datasets using AI. While this method ensures patient privacy, it hasn't been widely adopted. A frequent concern is the potential inaccuracy of the synthetic data, as it may not always capture all variables of actual patients. As the data's accuracy improves, the threat of data breaches also increases. Numerous businesses are on the lookout for a method that assures both precision and confidentiality.

Click to read more

Cybersecurity

Malware: The Biggest Health Care Cyber Threat


BlackBerry's recent Global Threat Intelligence Report indicates that the finance and healthcare sectors are most targeted by cyber threats. Within healthcare, the primary danger comes from malwares or infostealers. Attackers aim for valuable health information or ransoms from disrupting crucial healthcare operations. The report suggests healthcare will likely continue being a primary target, with potential shifts towards advanced phishing efforts or the application of generative AI.

Click to read more

MOVEit's Vulnerability: What's At Stake?


Many US entities, including healthcare organizations, relied on MOVEit, a file-transfer software. Even three months post the vulnerability's discovery, several organizations are still gauging the breach's ramifications. Breach notifications are continually emerging. For instance, the Colorado Department of Health Care Policy & Financing (HCPF) estimated a whopping 4 million individuals were affected. Meanwhile, the debt collection firm Radius Global Solutions disclosed an impact on 600,000 individuals. The total affected might be even higher.

Click to read more

Security Weaknesses In Medical Devices


The Health Information Sharing and Analysis Center (Health-ISAC), in collaboration with Finite State and Securin, unveiled a joint report detailing the Cybersecurity landscape for Medical Devices and Healthcare Systems. Notably, the 2023 edition witnessed a 59% spike in vulnerabilities compared to the 2022 report, identifying 993 vulnerabilities across 966 medical devices. Alarmingly, 160 of these vulnerabilities are now weaponized. Breaking it down, software applications accounted for 64% of these weak points, hardware 27%, and operating systems trailed at 9%.

Click to read more

Launching The Digital Health Security Initiative


The U.S. Department of Health and Human Services established an agency dedicated to exploring cybersecurity solutions to bolster healthcare protection. This body introduced the Digital Health Security project, aiming to gather suggestions from researchers and technologists regarding cybersecurity instruments tailored for healthcare institutions, hospitals, clinics, and medical devices. The campaign welcomes contributions from everyone, encompassing academics, nonprofit investigators, and industry experts.

Click to read more

Data Privacy Enforcement

Google's Interaction With Healthcare Provider Websites


Numerous complaints were lodged against Google for gathering sensitive and health-related data from healthcare providers' websites. Web users recently sought a legal order to prevent Google from collecting data from such sites, presenting a statement from an ex-Google worker who reportedly discovered Google's code on pages with confidential information. In response, Google requested the judge dismiss the order, claiming it's just a basic analytic tool managed by the website operators.

Click to read more

Home

Discover our latest newsletter

View All Newsletters
Mar 2024
Regulations & Guidelines
AI
Data Privacy Enforcement
Data Governance
Biotech & Healthtech

Newsletter #11

As we kick off 2024, the eleventh edition of our newsletter zeroes in on the most recent developments in privacy regulations and guidelines. It also spotlights the latest happenings in the Biotech and Healthtech sectors related to data. Don't miss our podcast recommendations, featuring an enlightening interview with OWKIN's CEO and a compelling discussion on the intersection of developers and privacy. Enjoy!

Feb 2024
Regulations & Guidelines
PET
Data Privacy Enforcement
AI
Data Breach & Cybersecurity

Newsletter #10

2024 already delivers its promises - this month was stacked with guidelines, regulations, new. Here's your monthly digest !

Jan 2024
Regulations & Guidelines
AI
Data Privacy Enforcement
Cybersecurity
Healthcare

Newsletter #9

Here's a wrap-up of all the latest privacy news from December 2023 !