Summary

In this edition, we cover major regulatory shifts and AI advancements shaping healthcare and data security. The U.S. tightens HIPAA security rules, the EU rolls out the European Health Data Space (EHDS) for cross-border health data exchange, and new U.S. regulations restrict sensitive health data transfers to certain countries. Meanwhile, AI is revolutionizing healthcare, with Truveta’s 10M-volunteer Genome Project, Owkin’s AI-powered drug development, and AI-driven medical scribes making waves—though accuracy concerns remain. On the data privacy front, GDPR fines have soared to €5.88B, with Ireland leading at €3.5B, and the UK ICO reports 36K data complaints and £1.27M in fines, highlighting ongoing challenges in digital security.

Regulations & Guidelines

HHS Proposes Stricter HIPAA Security Rules to Boost Cybersecurity

HHS proposed significant updates to the HIPAA Security Rule on January 6, 2025, to strengthen cybersecurity protections, making all implementation specifications mandatory and introducing stricter compliance measures. Key changes include detailed asset inventories, enhanced risk analysis, mandatory incident response plans, stricter patch management, and annual business associate audits, with a public comment period open until March 7, 2025.

Trump Reverses Biden’s Executive Order on AI Risk Regulation

On January 20th, 2025, U.S. President Donald Trump revoked a 2023 executive order signed by Joe Biden that sought to reduce the risks that artificial intelligence poses to consumers, workers and national security. Biden's order required developers of AI systems that pose risks to U.S. national security, the economy, public health or safety to share the results of safety tests with the U.S. government, in line with the Defense Production Act, before they were released to the public.

EU Adopts European Health Data Space (EHDS) to Boost Digital Healthcare

The Council of the EU has adopted the European Health Data Space (EHDS) regulation, making it easier to access and exchange electronic health data across the EU, while giving individuals greater control over their personal data. The EHDS will enhance cross-border healthcare, support medical research with pseudonymized data, and ensure interoperability of electronic health records (EHRs), with the regulation set to take effect 20 days after its official publication.

EDPB Releases 2025 Guidelines on Pseudonymisation for GDPR Compliance

The European Data Protection Board (EDPB) has released its Guidelines 01/2025 on Pseudonymisation, now open for public consultation until February 28, 2025, providing practical guidance on how pseudonymisation can serve as a safeguard for GDPR compliance. The guidelines outline technical and organisational measures to prevent re-identification, support data minimisation and confidentiality, enable cross-border data transfers, and enhance privacy protections in sectors like clinical research while maintaining data usability.

U.S. Tightens Data Flow Regulations to Protect Sensitive Health and Genomic Information

The U.S. government introduced new regulations on January 8, 2025, restricting the transfer of sensitive personal, genomic, and biospecimen data to certain “countries of concern.” These measures aim to prevent unauthorized access to critical health-related data, reinforcing national security and privacy protections.

Data Breach & Cybersecurity

USR Holdings Fined $337,750 for HIPAA Violations After ePHI Data Breach

The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) settled with USR Holdings, LLC for $337,750 over HIPAA Security Rule violations following a breach that exposed 2,903 individuals’ electronic protected health information (ePHI). The investigation revealed failures in risk assessments, system activity reviews, and ePHI protection, leading USR to implement a corrective action plan to strengthen its HIPAA compliance.

Estonia: DPI fines Asper Biogene €85,000 for GDPR Violations

Asper Biogene OÜ was fined €85,000 by the Data Protection Inspectorate for GDPR violations, including inadequate security measures and improper DPO appointment, following a breach of 100,000 files with sensitive data.

Italy’s Garante Fines Hospital €25K for Data Breach Violation

The Italian data protection authority fined Antonio e Biagio e Cesare Arrigo University Hospital €25,000 for GDPR violations after a ransomware attack in December 2022 compromised personal data due to inadequate security measures, including lack of system updates and multi-factor authentication.

GDPR Fines Reach €5.88B in 2024, with Ireland Leading at €3.5B Since 2018

In 2024, a total of €1.2 billion in GDPR fines was issued across Europe, with Ireland leading at €3.5 billion since 2018. The overall fines since GDPR's implementation now total €5.88 billion, with the largest fine being €1.2 billion against Meta Platforms in 2023.

AI & Techbio

AI-Powered ‘Scribes’ Revolutionize Medical Note-Taking in Healthcare

Investment in AI medical note-taking apps surged to $800 million in 2024, with major companies like Microsoft and Amazon leading the charge. These tools aim to reduce administrative burdens on physicians, though accuracy issues and AI-generated "hallucinations" pose challenges. Trials show significant time savings, but manual oversight remains crucial for reliability.

How AI is Transforming Drug Development: Insights from Owkin

Paris-based biotech Owkin is leveraging AI to enhance drug development efficiency, aiming to double the industry’s success rate by optimizing clinical trial design and identifying new treatment opportunities. While not directly designing drugs, Owkin’s AI helps analyze large datasets, predict promising tumor targets, and create synthetic control arms, enabling faster and more cost-effective trials without requiring regulatory approval for AI-driven decisions.

Bioptimus Secures $76M to Launch Revolutionary Foundation Model for Biology

Bioptimus, an Owkin spinoff (see above), has secured $76 million in funding, including $41 million from Cathay Innovation and other investors, to develop a universal AI foundation model for biology, aiming to transform research in various industries.

BioTech, Healthtech and Healthcare

Scaling Healthcare Data: Unlocking Insights with AI and Patient-Centered Innovation

Turning fragmented healthcare data into actionable insights requires strong infrastructure and expertise. This article explores how AI and LLMs play a key role in improving patient care and clinical outcomes.

Truveta Launches Genome Project to Build a 10M-Volunteer Genetic Database for Personalized Medicine

Truveta launches the Genome Project to create a genetic database for personalized medicine, utilizing patient biospecimens with consent. The initiative, backed by significant investments, aims to sequence exomes of 10 million volunteers while addressing ethical and privacy concerns related to genomic data.

Food For Thought

Insights from JPM Healthcare Conference

The JPM Healthcare Conference that took place in January 2025 in San Francisco featured major AI and digital health announcements, including NVIDIA’s partnerships with IQVIA, Illumina, Mayo Clinic, and Aignostics to advance AI-powered drug discovery, genomics, and digital pathology. Truveta launched the Truveta Genome Project with Regeneron, Illumina, and Microsoft, aiming to surpass the UK Biobank by linking genomic data with de-identified medical records, while Dexcom expanded CGM trials for type 2 diabetes and launched Stelo, its over-the-counter CGM on Amazon. Other notable updates include Waystar’s AltitudeAI for automated insurance claims, Tempus AI’s upgraded generative assistant for precision medicine, ConcertAI’s oncology-focused AI tool, and Health Catalyst’s $86M acquisition of Upfront Healthcare to enhance patient engagement and care coordination.

ICO publishes 2024 year-in-review

The UK's ICO reported 36,049 data protection complaints and 1,991 personal data breaches in 2024, issuing £1.27 million in fines. Key actions included a public consultation on generative AI.


iliomad's News

EUCROF Conference Copenhagen - 2025

iliomad Health Data will be attending the EUCROF Conference in the beautiful city of Copenhagen from February 2nd to February 4th. We look forward to forging new partnerships during this exciting gathering of CRO companies!

Seamus Larroque

CDPO / CPIM / ISO 27005 Certified
