We like to keep our readers up to date on complex regulatory issues, the latest industry trends and updated guidelines to help you to solve a problem or make an informed decision.
The State of Nevada has adopted its own Health Data Privacy Act which will be effective March 31, 2024. This Act was modeled after Washington's My Health Data Act, but unlike it, the Act doesn't carry a private right of action. The adoption of this Act shows the growing concerns about health data privacy and more generally about data privacy.
The Data Act is a legislative proposal to regulate how industrial data is accessed and shared. It concerns Business-to-Customer and Business-to-Business data-sharing. Some points are still discussed such as how to deal with trade secrets, the territorial scope, the problem of product safety and the date of application. Furthermore,Cloud providers are mandated to avoid creating barriers for users wanting to switch to a different provide.
The AI Act Is Underway With The AI Rulebook Adopted
The AI rulebook is part of the AI Act, a European legislation pertaining to Artificial Intelligence (AI).
On June 14th, changes were enacted on the text, where all propositions that hadn't been agreed upon in committee were dismissed. New and more specific duties were put forth for high-risk AI providers and the need to conduct assessments of fundamental rights impacts and environmental impact monitoring was introduced. Following this, inter-institutional discussions will be held between the EU Parliament, the EU Council of Ministers, and the European Commission. T
A New Framework For Data And AI Between The US And The UK
The Atlantic Declaration between the US and the UK establishes the need for a new data bridge between the two countries. The establishment of this data bridge could significantly streamline the process of data transfers for everyone involved.To achieve this, some adjustments still need to be made on both sides of the pond. The Declaration also announces an accelerated cooperation with a focus on ensuring the safe and responsible development of the technology. The countries will also deepen the collaboration on Privacy Enhancing Technologies (PETs).
Click to read more
Clinical Test Data Of 2.5 million People Stolen From Biotech Company Enzo Biochem
Enzo Biochem experienced in April a ransomware attack that impacted 2.5 million people. Test information, names and 600 000 social security numbers were stolen. The company, upon notice of the ransomware attack, deployed containment measures such as disconnecting its systems from internet, and notified law enforcement. They are still evaluating the full cost and impact of this attack. The company confirmed in the SEC filing that this event had brought srcutiny from regulatory authorities.
The European Commission and WHO : Digital Health Partnership
The EU Commission and World Health Organization launched on June 5th a digital health partnership. “Building on the EU’s highly successful digital certification network, WHO aims to offer all WHO Member States access to an open-source digital health tool, which is based on the principles of equity, innovation, transparency and data protection and privacy,” said Dr Tedros Adhanom Ghebreyesus, WHO Director-General. “New digital health products in development aim to help people everywhere receive quality health services quickly and more effectively”.
Bias in AI-based Models For Medical Applications: Challenges And Mitigation Strategies
AI is increasingly used or planned to be used in healthcare from AI-augmented clinical research to algorithms for image analysis or disease prediction. While artificial intelligence holds immense potential, it also poses certain threats, such as the propensity for bias, which predominantly affects marginalized communities. AI model development stages like data collection, creation, evaluation, and clinical deployment can introduce bias. Broad data access is crucial for model training but should honor privacy norms.
G7 Data Protection Authorities Point To Key Concerns On Generative AI
The G7 Data Protection and Privacy Authorities (DPAs) met on the 20th and 21th of June in Japan to discuss key privacy and data protection topics, including the development of the concept of Data Free Flow with Trust (DFFT) and its future operationalization, emerging technologies and enhancing enforcement cooperation. Following their meeting, the G7 DPAs issued a brief on generative AI, highlighting key privacy and data protection risk areas.
The potential of blockchain technology extends into various sectors, including healthcare. This technology could facilitate a secure exchange of a patient's health records. A decentralized approach would enhance data security and enable tracking of record access, revealing who has accessed the data and who has the authority to do so. Thus Blockchain could be an answer to the conundrum between privacy, security and the need to share the data with all interested parties.
Click to read more
Data Privacy Enforcement
PRHC Reaches $988K Proposed Settlement For Patient Privacy Breaches In 2011-2012
The Peterborough Regional Health Centre (Canada) proposed a settlement of $988,550 in a class-action lawsuit relating to patient health records being wrongfully accessed by former employees in 2011-2012. Approximately 280 patients were affected by these patient privacy beaches where their personal information was inappropriately accessed. This demonstrates the importance of implementing a robust policy for access control, otherwise, adverse effects may ensue.
Click to read more
FTC Against Genetic Testing Company 1Health
The Federal Trade Commission (FTC) issued an administrative complaint against the genetic testing firm 1Health.io as it left sensitive genetic and health data unsecured, deceived consumers about their ability to get their data deleted, and changed its privacy policy retroactively without adequately notifying and obtaining consent from consumers whose data the company had already collected. The FTC proposed a settlement which includes DNA deletion requirements, the prohibition of sharing health data with third parties and $75,000 as consumer refunds.
We like to keep our readers up to date on complex regulatory issues, the latest industry trends and updated guidelines to help you to solve a problem or make an informed decision.
🌎 This month, key updates include Brazil’s introduction of a new SCC-based framework for international data transfers. 📋 The EDPB shared its evaluation of the EU-US Data Privacy Framework. 🤖 Advancements in AI-driven health solutions, such as Sanofi’s Muse for clinical trial recruitment, were also highlighted. 🧬 Discussions focused on genomics privacy, neural data protection, and the transformative role of AI in healthcare and compliance landscapes.
In October, key developments in data privacy, AI, and cybersecurity emerged, including new GDPR accountability guidance for controllers, the introduction of the UK’s Data Bill 2024, and the FDA's call for coordinated AI regulation in healthcare. High-profile data breaches also highlighted vulnerabilities in health data, underscoring the need for stronger, globally aligned privacy standards.
Get up to speed with the latest in data protection regulations and healthtech innovations, including updates from Brazil, the UK, and California, along with advancements in AI-driven healthcare solutions. Plus, explore major privacy enforcement actions and key developments shaping the future of digital health.