On Thursday, January 23, 2020 at 12:00 PM ET, Reed Smith will be hosting “Digital Health 101”, a CLE webinar covering: Federal and state health care regulatory and reimbursement issues, including fraud and abuse implications and insurance coverage for digital health devices and services Applicability of federal and state privacy laws, including the Health Insurance … Continue Reading
Please join us for our 6th Annual Washington Health Care Conference, a program discussing the latest hot topics and anticipated trends impacting health care and life sciences organizations. This year’s program will be held on December 4, 2019 at The Almas Center in Washington, D.C. Sessions include: A thought-provoking keynote. We are pleased to welcome … Continue Reading
Last week marked the end of legislative activity in the state of California for 2019, and with the impending California Consumer Privacy Act (CCPA or the Act) going into effect on January 1, 2020, many businesses were waiting optimistically for some clarification on lingering questions. The California legislature did pass five bills amending the Act, … Continue Reading
Several states are following the path of Illinois’ Biometric Information Privacy Act (BIPA), a law that has led to a rise in the volume of class action privacy litigation and underlined the significance of enterprise-level management of biometric data (e.g., fingerprint, voiceprint, and retina, facial, or iris image). Organizations that gather and utilize biometric data … Continue Reading
Reed Smith will be hosting an upcoming CLE webinar, “Best Practices for managing privacy risks in vendor engagements – diligence, contracting, and oversight under the California law” on Wednesday, September 11, 2019 at 2:00 PM ET. This program will offer a review on how organizations can approach third-party information sharing under the CCPA. Furthermore, as … Continue Reading
Reed Smith presents the latest installment in our Countdown to CCPA Compliance webinar series, “Privacy by Accident”, now available to watch on demand. Whether by accident or by design, many organizations have implemented privacy practices or programs that will help toward compliance with the CCPA. This webinar will discuss these practices and how they can … Continue Reading
Life sciences companies doing business in France will be interested in the recent results of Optical Center’s appeal of a penalty assessed by the Commission nationale de l’informatique et des libertés, the French data protection authority, surrounding a data breach. The data breach allowed access to invoices and purchases containing personal and sensitive customer data. … Continue Reading
In-house counsel at pharmaceutical, medical device, and health companies are invited to join their peers and leading Reed Smith life sciences lawyers for a roundtable discussion on how to identify and mitigate risk. The event will be held on 5 March in Reed Smith’s London office. A networking breakfast will be provided at 8:30 a.m., … Continue Reading
For global pharmaceutical and medical device companies handling personal data in the European Union (EU) or engaged in transatlantic data transfers, some of the many questions created by the Brexit vote include what its impact will be on the United Kingdom’s (UK) data protection laws. These questions also arise in the context of the EU’s … Continue Reading
In a ruling particularly meaningful to health care companies, who are responsible for patients’ protected, personally-identifiable information, the U.S. Court of Appeals recently upheld a lower court’s decision finding coverage under a healthcare company’s comprehensive general liability (CGL) policy. When the health care company inadvertently made certain confidential medical records accessible to the public online … Continue Reading
By Divonne Smoyer and Brad Rostolsky on Posted in Privacy & HIPAA
Businesses working with U.S. customer or employee data are very familiar with the roles the Federal Trade Commission (FTC), U.S. Department of Health and Human Services, and other federal agencies play in privacy regulation and enforcement. But, increasingly, if your company ends up facing a health – or other data – incident, you may find … Continue Reading
It has been a busy winter for the US Department of Health and Human Service, Office for Civil Rights (“OCR”). Since November 2015, the agency has announced three settlements and one civil money penalty judgment amounting to over $5 million in fines and settlements. Most recently, on February 3, 2016, a U.S. Department of Health … Continue Reading
In changes that have been five years in the making, amendments to the Federal Rules of Civil Procedure go into effect today, December 1, 2015. Two major amendments have received much attention and analysis. The first is the addition of an express proportionality requirement to Rule 26(b)(1) regarding the Scope of Discovery, and the second … Continue Reading
On October 27, 2015, a U.S. Department of Health and Human Services (“HHS”) official stated that the agency has hired FCi Federal, a provider of management and professional services to government agencies in Ashburn, VA, to conduct the second round of Health Insurance Portability and Accountability Act (“HIPAA”) data security audits. Similar to the Phase … Continue Reading
Data privacy in the European Union is a hot topic at the moment. In addition to the recent ruling regarding the “Safe Harbor Ruling” affecting data transferred between the EU and the US, a study was recently published criticizing several aspects of the EU’s development of its Digital Single Market (“DSM”) strategy. As defined by … Continue Reading
Cybersecurity issues are nothing new to those operating in the health care industry. But while these issues have most commonly been faced by hospitals and health care providers, medical device companies must now take note. As reported recently in the news, medical devices have increasingly become the targets for cybersecurity breaches, given the information contained … Continue Reading
Reed Smith’s Information Technology Privacy & Data Security Group has been doing phenomenal work for years, linking experienced cybersecurity and privacy professionals with veteran intellectual property litigators, information governance advisors, technology contracting specialists and others with a similar data-oriented perspective. And now it has been recognized by The Legal 500 United States as its ‘Data Protection … Continue Reading
The HHS Office for Civil Rights recently announced a settlement and corrective action plan with Cornell Prescription Pharmacy (CPP), a small for-profit, single location, compounding pharmacy located in Denver, CO. CPP has agreed to pay $125,000 and enter into a corrective action plan to settle potential violations of the HIPAA Privacy Rule. This outcome is indicative of OCR's unwillingness to demonstrate wide variance in its enforcement response based on the size of an affected covered entity or the number of patients involved in a potential HIPAA violation.… Continue Reading
When a data breach is discovered by a company, it is often the responsibility of the company’s in-house counsel to swiftly assess the breach and provide an initial report to company management. There are several steps that in-house counsel should follow if faced with a breach to allow for an adequate assessment that company management can use. As noted … Continue Reading
Last week, President Obama signed into law a bill that will eradicate Social Security Numbers (SSNs) from all Medicare beneficiary cards over the next eight years. Medicare has four years to begin issuing cards with new identifiers, and four years after that to reissue cards to current beneficiaries. The removal of SSNs from the cards is not only expected to decrease the risks associated with identity theft for Medicare beneficiaries, but also Medicare's risk of exposure associated with breaches of protected health and personal information under HIPAA and state privacy laws.… Continue Reading
State attorneys general across the United States have taken recent action towards addressing data privacy and security issues. In Connecticut, the attorney general announced the establishment of a Privacy and Data Security Department to handle investigations and litigation relating to data privacy and security. This month's National Association of Attorneys General (NAAG) Southern Region Meeting featured presentations on big data, cybersecurity, cloud computing and data breaches, and next month's NAAG presidential initiative summit will address topics such as intellectual property theft, cloud computing and digital currency. Finally, Washington's attorney general has proposed several amendments to expand the scope of that state's data breach notification requirements.… Continue Reading
On January 27, the Federal Trade Commission (FTC) issued a 71-page Staff Report on privacy and security issues with the Internet of Things (IoT) - the growing ability of everyday devices to monitor and communicate information through the Internet. The Staff Report - which follows up on the FTC's public workshop over concerns with the IoT, as well as the FTC's first enforcement action brought in September 2013 - is especially relevant in the life sciences industry, which may see potentially revolutionary advances as a result of the IoT.… Continue Reading
New Jersey Governor Chris Christie has signed a law requiring health insurance carriers in that state to encrypt individuals' personal information. This new law will be enforced in conjunction with the New Jersey Consumer Fraud Act (NJCFA), and failure to obey the law will be classified as a violation of the NJCFA, which could result in financial penalties for the carriers. The new legislation may also affect business associates through the contractual terms of business associate agreements.… Continue Reading
Reed Smith’s Global Regulatory Enforcement Law Blog features a post on a recent meeting at which Justice ministers from across the European Union managed to agree on a partial general approach on several aspects of the draft Data Protection Regulation, which aims to set out a general EU framework for data protection. The ministers have … Continue Reading