Newsletters

Happy November ! Here's our latest newsletter !

Global data privacy and cybersecurity regulations continue to evolve, with challenges to the EU-U.S. Data Privacy Framework and the introduction of the UK-U.S. Data Bridge raising questions about transatlantic data transfers and compliance standards. New frameworks, such as Canada’s guidance for machine learning-enabled medical devices and the American Telemedicine Association’s privacy principles, emphasize security and transparency in emerging technologies like AI and telehealth. Meanwhile, enforcement actions like penalties for information blocking, HIPAA violations, and lawsuits against companies like Medtronic highlight the growing scrutiny on data misuse, reinforcing the need for robust compliance measures in healthcare and beyond.

Switzerland’s new Federal Act on Data Protection (FADP), effective September 2023, aligns with the GDPR but introduces unique requirements like appointing local data protection representatives. The EU-U.S. Data Privacy Framework faces potential legal challenges reminiscent of its predecessors, raising questions about its durability. In cybersecurity, healthcare remains a prime target for malware and vulnerabilities, with reports highlighting risks in medical devices and the MOVEit software breach affecting millions. Meanwhile, initiatives like the U.S. Digital Health Security project and proposed U.S. PET Research Act aim to strengthen healthcare data security and promote privacy-enhancing technologies, reflecting the growing urgency for robust protections in health and AI sectors.

The EU-U.S. Data Privacy Framework introduces provisions for clinical trials, emphasizing patient consent and transparency, while U.S.-based organizations must self-certify their compliance to participate. Rising health data privacy regulations in the U.S. and innovations like MIT’s privacy-preserving AI techniques and synthetic data strategies aim to balance data protection and utility. Cybersecurity incidents, including the MOVEit attack affecting U.S. health institutions and HCA Healthcare’s data breach impacting 11 million individuals, highlight ongoing vulnerabilities. Enforcement actions, such as the FTC’s ban on BetterHelp for sharing sensitive health data, underline the need for strict compliance and ethical data practices in the evolving privacy landscape.