Regulations

Switzerland's Revised Data Protection Act

The Swiss Federal Act on Data Protection (FADP) has been in effect since September 1, 2023. This legislation closely mirrors the European Union's General Data Protection Regulation (GDPR). Among its provisions, companies not based in Switzerland are, in certain situations, required to designate a data protection representative within the country. The act also establishes fresh guidelines for reporting data breaches. However, there are still notable differences between the FADP and the GDPR.

Click to read more

Will the EU - U.S. Data Privacy Framework Endure ?

The predecessors of the Data Privacy Framework (DPF), the Safe Harbor framework and the Privacy shield, were legally challenged by Max Schrems, a privacy activist before the Court of Justice of the European Union (CJEU). The CJEU faulted these two frameworks for failing to ensure safeguards against exceeding surveillance in a democratic society. The DPF might meet a similar end, especially if Max Schrems decides to challenge it again. However, this time, it might not stand up to scrutiny.

Click to read more

HIPAA's True Reach On Health Data

The reach of HIPAA is not all-encompassing. It doesn't cover data that individuals produce and disseminate on their own, such as consumer-generated data. Its jurisdiction is primarily over entities like hospitals and medical practices. Third-party associates, including subcontractors, health plans, insurance firms, and individual physician providers, also fall under its purview. For optimal data protection, it's advised that patients utilize platforms like the hospital's data portal and avoid distributing their information beyond secure infrastructures.

Click to read more

Germany's Upcoming Legislation On Health Data Usage

The German Data Protection Conference (DSK), an independent body made up of German Data Protection Authorities, has released their view on a draft bill concerning the usage of health data. It seems the draft neglects certain data protection standards, including the rights of the data subjects, the principle of storage limitation (by omitting stipulations for a maximum storage duration), and the lack of proper measures and protections for the benefit of data subjects. In response to these issues, the DSK has suggested several amendments to the bill.

Click to read more

PETs - Privacy Enhancing Technologies

Introducing The Innovative PET Act: A New Paradigm ?

In the U.S., lawmakers from both parties have presented a bill focused on Privacy Enhancing Technology (PET). Named the PET Research Act, its purpose revolves around fostering the growth of PETs. This legislation champions a partnership between the National Science Foundation (NSF) and the National Institute of Standards and Technology (NIST) to advance the creation, implementation, and widespread use of PETs. Additionally, the act seeks to enhance inter-agency collaboration to encourage ethical data practices. A significant component of the bill emphasizes establishing standardization for PETs, targeting the creation of consistent practices and technical standards across both private and public sectors.

Click to read more

Artificial Intelligence

AI's Ability To Decode Pseudonymized Data: Exploring The Dangers

AI might challenge data privacy. By merging multiple data sets, AI can potentially decode pseudonymized data, a phenomenon known as the mosaic effect. This allows AI to detect patterns and pinpoint individual identities. Anonymizing the data could reduce reidentification risks. Additionally, instead of relying on consent or contracts, it's advised to use legitimate interest as the foundation for data collection.

Click to read more

Is AI-Generated Data Truly Authentic ?

Synthetic data, also known as AI-generated data, is derived from patient datasets using AI. While this method ensures patient privacy, it hasn't been widely adopted. A frequent concern is the potential inaccuracy of the synthetic data, as it may not always capture all variables of actual patients. As the data's accuracy improves, the threat of data breaches also increases. Numerous businesses are on the lookout for a method that assures both precision and confidentiality.

Click to read more

Cybersecurity

Malware: The Biggest Health Care Cyber Threat

BlackBerry's recent Global Threat Intelligence Report indicates that the finance and healthcare sectors are most targeted by cyber threats. Within healthcare, the primary danger comes from malwares or infostealers. Attackers aim for valuable health information or ransoms from disrupting crucial healthcare operations. The report suggests healthcare will likely continue being a primary target, with potential shifts towards advanced phishing efforts or the application of generative AI.

Click to read more

MOVEit's Vulnerability: What's At Stake?

Many US entities, including healthcare organizations, relied on MOVEit, a file-transfer software. Even three months post the vulnerability's discovery, several organizations are still gauging the breach's ramifications. Breach notifications are continually emerging. For instance, the Colorado Department of Health Care Policy & Financing (HCPF) estimated a whopping 4 million individuals were affected. Meanwhile, the debt collection firm Radius Global Solutions disclosed an impact on 600,000 individuals. The total affected might be even higher.

Click to read more

Security Weaknesses In Medical Devices

The Health Information Sharing and Analysis Center (Health-ISAC), in collaboration with Finite State and Securin, unveiled a joint report detailing the Cybersecurity landscape for Medical Devices and Healthcare Systems. Notably, the 2023 edition witnessed a 59% spike in vulnerabilities compared to the 2022 report, identifying 993 vulnerabilities across 966 medical devices. Alarmingly, 160 of these vulnerabilities are now weaponized. Breaking it down, software applications accounted for 64% of these weak points, hardware 27%, and operating systems trailed at 9%.

Click to read more

Launching The Digital Health Security Initiative

The U.S. Department of Health and Human Services established an agency dedicated to exploring cybersecurity solutions to bolster healthcare protection. This body introduced the Digital Health Security project, aiming to gather suggestions from researchers and technologists regarding cybersecurity instruments tailored for healthcare institutions, hospitals, clinics, and medical devices. The campaign welcomes contributions from everyone, encompassing academics, nonprofit investigators, and industry experts.

Click to read more

Data Privacy Enforcement

Google's Interaction With Healthcare Provider Websites

Numerous complaints were lodged against Google for gathering sensitive and health-related data from healthcare providers' websites. Web users recently sought a legal order to prevent Google from collecting data from such sites, presenting a statement from an ex-Google worker who reportedly discovered Google's code on pages with confidential information. In response, Google requested the judge dismiss the order, claiming it's just a basic analytic tool managed by the website operators.

Click to read more

Home

Discover our latest newsletter

View All Newsletters
Dec 2024
Regulations & Guidelines
Biotech & Healthtech
AI
Data Governance
Data Privacy Enforcement

Newsletter #20

🌎 This month, key updates include Brazil’s introduction of a new SCC-based framework for international data transfers. 📋 The EDPB shared its evaluation of the EU-US Data Privacy Framework. 🤖 Advancements in AI-driven health solutions, such as Sanofi’s Muse for clinical trial recruitment, were also highlighted. 🧬 Discussions focused on genomics privacy, neural data protection, and the transformative role of AI in healthcare and compliance landscapes.

Nov 2024
Regulations & Guidelines
Podcasts
AI
Data Breach & Cybersecurity
Data Privacy Enforcement

Newsletter #19

In October, key developments in data privacy, AI, and cybersecurity emerged, including new GDPR accountability guidance for controllers, the introduction of the UK’s Data Bill 2024, and the FDA's call for coordinated AI regulation in healthcare. High-profile data breaches also highlighted vulnerabilities in health data, underscoring the need for stronger, globally aligned privacy standards.

Oct 2024
Data Privacy Enforcement
Healthcare
Regulations & Guidelines
AI
Biotech & Healthtech

Newsletter #18

Get up to speed with the latest in data protection regulations and healthtech innovations, including updates from Brazil, the UK, and California, along with advancements in AI-driven healthcare solutions. Plus, explore major privacy enforcement actions and key developments shaping the future of digital health.