Tag Archives: Data Protection and Privacy

Hear from Speakers from WebMD, CMS, PhRMA, AdvaMed, AHCA and More at Dec. 4 Washington Health Care Conference

Please join us for our 6th Annual Washington Health Care Conference, a program discussing the latest hot topics and anticipated trends impacting health care and life sciences organizations. This year’s program will be held on December 4, 2019 at The Almas Center in Washington, D.C. Sessions include: A thought-provoking keynote. We are pleased to welcome … Continue Reading

Key questions linger after recent amendments to California Consumer Privacy Act

Last week marked the end of legislative activity in the state of California for 2019, and with the impending California Consumer Privacy Act (CCPA or the Act) going into effect on January 1, 2020, many businesses were waiting optimistically for some clarification on lingering questions. The California legislature did pass five bills amending the Act, … Continue Reading

Biometric privacy legislation trends rise nationwide

Several states are following the path of Illinois’ Biometric Information Privacy Act (BIPA), a law that has led to a rise in the volume of class action privacy litigation and underlined the significance of enterprise-level management of biometric data (e.g., fingerprint, voiceprint, and retina, facial, or iris image). Organizations that gather and utilize biometric data … Continue Reading

Join Us: Free CLE Webinar on Best Practices for Managing Privacy Risks in Vendor Engagements

Reed Smith will be hosting an upcoming CLE webinar, “Best Practices for managing privacy risks in vendor engagements – diligence, contracting, and oversight under the California law” on Wednesday, September 11, 2019 at 2:00 PM ET. This program will offer a review on how organizations can approach third-party information sharing under the CCPA. Furthermore, as … Continue Reading

Join Us: Free CLE Webinar on Privacy Practices in Compliance with the CCPA

Reed Smith presents the latest installment in our Countdown to CCPA Compliance webinar series, “Privacy by Accident”, now available to watch on demand. Whether by accident or by design, many organizations have implemented privacy practices or programs that will help toward compliance with the CCPA. This webinar will discuss these practices and how they can … Continue Reading

CNIL Imposes Penalty to Optical Center; French Highest Administrative Court Reduces Amount

Life sciences companies doing business in France will be interested in the recent results of Optical Center’s appeal of a penalty assessed by the Commission nationale de l’informatique et des libertés, the French data protection authority, surrounding a data breach. The data breach allowed access to invoices and purchases containing personal and sensitive customer data. … Continue Reading

Join Us: Life Sciences Health Industry Roundtable on “Identifying and Mitigating Risk in a Changing Global Economy”

In-house counsel at pharmaceutical, medical device, and health companies are invited to join their peers and leading Reed Smith life sciences lawyers for a roundtable discussion on how to identify and mitigate risk. The event will be held on 5 March in Reed Smith’s London office. A networking breakfast will be provided at 8:30 a.m., … Continue Reading

What Brexit Means for Data Protection

For global pharmaceutical and medical device companies handling personal data in the European Union (EU) or engaged in transatlantic data transfers, some of the many questions created by the Brexit vote include what its impact will be on the United Kingdom’s (UK) data protection laws. These questions also arise in the context of the EU’s … Continue Reading

Appeals Court Decision is Positive News for Health Companies Concerned About Cyberliability Coverage

In a ruling particularly meaningful to health care companies, who are responsible for patients’ protected, personally-identifiable information, the U.S. Court of Appeals recently upheld a lower court’s decision finding coverage under a healthcare company’s comprehensive general liability (CGL) policy.  When the health care company inadvertently made certain confidential medical records accessible to the public online … Continue Reading

Expect Increased State AG Enforcement Actions on Health Data Incidents

Businesses working with U.S. customer or employee data are very familiar with the roles the Federal Trade Commission (FTC), U.S. Department of Health and Human Services, and other federal agencies play in privacy regulation and enforcement. But, increasingly, if your company ends up facing a health – or other data – incident, you may find … Continue Reading

After a Strong Enforcement Presence in 2015, OCR Starts 2016 with a $239,000 Civil Money Penalty Judgment

It has been a busy winter for the US Department of Health and Human Services, Office for Civil Rights (“OCR”).  Since November 2015, the agency has announced three settlements and one civil money penalty judgment amounting to over $5 million in fines and settlements.  Most recently, on February 3, 2016, a U.S. Department of Health … Continue Reading

Effective Today: New Federal Rules Of Civil Procedure Regarding Discovery And Electronically Stored Information

In changes that have been five years in the making, amendments to the Federal Rules of Civil Procedure go into effect today, December 1, 2015. Two major amendments have received much attention and analysis.  The first is the addition of an express proportionality requirement to Rule 26(b)(1) regarding the Scope of Discovery, and the second … Continue Reading

HHS’ Selection of Contractor Provides Latest Update on Impending Second Round of HIPAA Audits

On October 27, 2015, a U.S. Department of Health and Human Services (“HHS”) official stated that the agency has hired FCi Federal, a provider of management and professional services to government agencies in Ashburn, VA, to conduct the second round of Health Insurance Portability and Accountability Act (“HIPAA”) data security audits.  Similar to the Phase … Continue Reading

Cybersecurity Concerns for Medical Device Companies: A Risk Mitigation Checklist

Cybersecurity issues are nothing new to those operating in the health care industry. But while these issues have most commonly been faced by hospitals and health care providers, medical device companies must now take note. As reported recently in the news, medical devices have increasingly become the targets for cybersecurity breaches, given the information contained … Continue Reading

The Legal 500 United States Names Reed Smith ‘Data Protection and Privacy: 2015 Firm of the Year’

Reed Smith’s Information Technology Privacy & Data Security Group has been doing phenomenal work for years, linking experienced cybersecurity and privacy professionals with veteran intellectual property litigators, information governance advisors, technology contracting specialists and others with a similar data-oriented perspective.  And now it has been recognized by The Legal 500 United States as its ‘Data Protection … Continue Reading

OCR Announces Settlement and Corrective Action Plan with Pharmacy Stemming from Alleged Violations

The HHS Office for Civil Rights recently announced a settlement and corrective action plan with Cornell Prescription Pharmacy (CPP), a small for-profit, single location, compounding pharmacy located in Denver, CO. CPP has agreed to pay $125,000 and enter into a corrective action plan to settle potential violations of the HIPAA Privacy Rule. This outcome is indicative of OCR's unwillingness to demonstrate wide variance in its enforcement response based on the size of an affected covered entity or the number of patients involved in a potential HIPAA violation.… Continue Reading

First Steps for GCs in Assessing a Data Breach

When a data breach is discovered by a company, it is often the responsibility of the company’s in-house counsel to swiftly assess the breach and provide an initial report to company management. There are several steps that in-house counsel should follow if faced with a breach to allow for an adequate assessment that company management can use. As noted … Continue Reading

Amidst Increasing Security Concerns, Medicare to Drop Social Security Numbers from Cards

Last week, President Obama signed into law a bill that will eradicate Social Security Numbers (SSNs) from all Medicare beneficiary cards over the next eight years. Medicare has four years to begin issuing cards with new identifiers, and four years after that to reissue cards to current beneficiaries. The removal of SSNs from the cards is not only expected to decrease the risks associated with identity theft for Medicare beneficiaries, but also Medicare's risk of exposure associated with breaches of protected health and personal information under HIPAA and state privacy laws.… Continue Reading

State Attorneys General Address Data Privacy and Security Issues

State attorneys general across the United States have taken recent action towards addressing data privacy and security issues. In Connecticut, the attorney general announced the establishment of a Privacy and Data Security Department to handle investigations and litigation relating to data privacy and security. This month's National Association of Attorneys General (NAAG) Southern Region Meeting featured presentations on big data, cybersecurity, cloud computing and data breaches, and next month's NAAG presidential initiative summit will address topics such as intellectual property theft, cloud computing and digital currency. Finally, Washington's attorney general has proposed several amendments to expand the scope of that state's data breach notification requirements.… Continue Reading

FTC Offers Privacy and Security Guidance for Medical Devices in ‘Internet of Things’ Report

On January 27, the Federal Trade Commission (FTC) issued a 71-page Staff Report on privacy and security issues with the Internet of Things (IoT) - the growing ability of everyday devices to monitor and communicate information through the Internet. The Staff Report - which follows up on the FTC's public workshop over concerns with the IoT, as well as the FTC's first enforcement action brought in September 2013 - is especially relevant in the life sciences industry, which may see potentially revolutionary advances as a result of the IoT.… Continue Reading

New Jersey Enacts Data Privacy Law for Health Insurance Carriers

New Jersey Governor Chris Christie has signed a law requiring health insurance carriers in that state to encrypt individuals' personal information. This new law will be enforced in conjunction with the New Jersey Consumer Fraud Act (NJCFA), and failure to obey the law will be classified as a violation of the NJCFA, which could result in financial penalties for the carriers. The new legislation may also affect business associates through the contractual terms of business associate agreements.… Continue Reading

EU Justice Ministers Reach Partial General Approach on Aspects of Data Protection Regulation

Reed Smith’s Global Regulatory Enforcement Law Blog features a post on a recent meeting at which Justice ministers from across the European Union managed to agree on a partial general approach on several aspects of the draft Data Protection Regulation, which aims to set out a general EU framework for data protection. The ministers have … Continue Reading

EU Article 29 Data Protection Working Party Releases Guidelines Stemming from Google Spain Case

Reed Smith’s Global Regulatory Enforcement Law Blog features a post on a recent set of guidelines issued by the European Union’s Article 29 Data Protection Working Party outlining how EU Data Protection Authorities (DPAs) intend to implement the judgment of the Court of Justice of the European Union in Google Spain SL and Google Inc. … Continue Reading