Newsletters

Global data privacy and cybersecurity regulations continue to evolve, with challenges to the EU-U.S. Data Privacy Framework and the introduction of the UK-U.S. Data Bridge raising questions about transatlantic data transfers and compliance standards. New frameworks, such as Canada’s guidance for machine learning-enabled medical devices and the American Telemedicine Association’s privacy principles, emphasize security and transparency in emerging technologies like AI and telehealth. Meanwhile, enforcement actions like penalties for information blocking, HIPAA violations, and lawsuits against companies like Medtronic highlight the growing scrutiny on data misuse, reinforcing the need for robust compliance measures in healthcare and beyond.

Switzerland’s new Federal Act on Data Protection (FADP), effective September 2023, aligns with the GDPR but introduces unique requirements like appointing local data protection representatives. The EU-U.S. Data Privacy Framework faces potential legal challenges reminiscent of its predecessors, raising questions about its durability. In cybersecurity, healthcare remains a prime target for malware and vulnerabilities, with reports highlighting risks in medical devices and the MOVEit software breach affecting millions. Meanwhile, initiatives like the U.S. Digital Health Security project and proposed U.S. PET Research Act aim to strengthen healthcare data security and promote privacy-enhancing technologies, reflecting the growing urgency for robust protections in health and AI sectors.

The EU-U.S. Data Privacy Framework introduces provisions for clinical trials, emphasizing patient consent and transparency, while U.S.-based organizations must self-certify their compliance to participate. Rising health data privacy regulations in the U.S. and innovations like MIT’s privacy-preserving AI techniques and synthetic data strategies aim to balance data protection and utility. Cybersecurity incidents, including the MOVEit attack affecting U.S. health institutions and HCA Healthcare’s data breach impacting 11 million individuals, highlight ongoing vulnerabilities. Enforcement actions, such as the FTC’s ban on BetterHelp for sharing sensitive health data, underline the need for strict compliance and ethical data practices in the evolving privacy landscape.

The Nevada Health Data Privacy Act and the EU Data Act highlight evolving efforts to regulate data access, sharing, and privacy, with specific focus areas like healthcare and industrial data. AI governance progresses with updates to the AI Act, addressing high-risk applications and impact assessments, while international cooperation, such as the Atlantic Declaration and the EU-WHO digital health partnership, fosters innovation and privacy-enhancing technologies. Meanwhile, enforcement actions like FTC’s case against genetic testing company 1Health and ransomware attacks on biotech firms like Enzo Biochem underline the critical need for robust data protection measures in both regulatory and operational practices.