In the absence of a comprehensive federal data privacy law, state legislators continue to add to the often-contradictory array of laws aimed at protecting the security and privacy of their residents’ data. Very recently, Washington State’s My Health My Data Act was signed into law by Governor Jay Inslee in late April, Florida lawmakers passed Senate Bill 262 in early May, and the Tennessee Information Protection Act was signed into law earlier this month as well. While we were preparing this update, Montana enacted its Consumer Data Privacy Act on May 19th, which we will address in subsequent guidance due to its recency. These newly enacted state laws build upon the growing patchwork of laws enacted in California, Connecticut, Colorado, Virginia, and Utah, all of which we previously discussed here and here. Yet, among these state laws there is significant variety, including inconsistencies as to whether the laws allow for private rights of action, and whether the laws provide affirmative defenses and other incentives based on compliance with relevant best practices.
On October 18, 2018, the FDA published Content of Premarket Submissions for Management of Cybersecurity in Medical Devices. This guidance outlined recommendations for cybersecurity device design and labeling as well as important documents that should be included in premarket approval submissions. This guidance comes at a critical time as the healthcare industry is a prime target for hackers. On January 22, 2019, the U.S. Department of Homeland Security Industrial Control System Cyber Emergency Team (US-CERT) issued another advisory regarding medical device ...
Our colleague at Epstein Becker Green has a post on the Health Law Advisor blog that will be of interest to our readers in the health care industry: “NIST Seeks Comments on Cybersecurity Standards For Patient Imaging Devices.” Following is an excerpt:
The National Institute of Standards and Technology (“NIST”) has announced that it will be seeking industry input on developing “use cases” for its framework of cybersecurity standards related to patient imaging devices. NIST, a component of the Department of Commerce, is the agency assigned to the development and promulgation of policies, guidelines and regulations dealing with cybersecurity standards and best practices. NIST claims that its cybersecurity program promotes innovation and competitiveness by advancing measurement science, standards, and related ...
Both the Department of Justice and the Department of Health and Human Services Inspector General have long urged (and in many cases, mandated through settlements that include Corporate Integrity Agreements and through court judgments) that health care organizations have "top-down" compliance programs with vigorous board of directors implementation and oversight. Governmental reach only increased with the publication by DoJ of the so-called Yates Memorandum, which focused government enforcers on potential individual liability for corporate management and directors in ...