Regulations & Guidelines

American Data Privacy Act

In a significant bipartisan effort, key members of the U.S. Congress have unveiled a draft federal privacy bill aimed at establishing a national data privacy and security standard. The proposed American Privacy Rights Act, discussed by U.S. House Committee on Energy and Commerce Chair Cathy McMorris Rodgers and Senator Maria Cantwell, focuses on data minimization and consumer rights to manage their data, and aims to replace the patchwork of state laws with a stronger federal standard, addressing the pressing need for consistent privacy protections across the nation.

EU Parliament Votes To Strengthen GDPR Enforcement

The European Parliament voted to refine the enforcement procedures of the General Data Protection Regulation (GDPR), with 329 in favor, 213 against, and 79 abstentions. The proposed adjustments aim to enhance collaboration among national data protection authorities, improve dispute resolution mechanisms, and unify specific procedural rules and rights throughout EU Member States.

Colorado Protects Brain Wave Privacy With First Neurodata Law

Colorado has become the first state to legally protect neural data as private information, with Governor Jared Polis signing a law that classifies nervous system activity as sensitive data under the state's consumer privacy law. This legislative move mandates companies to obtain consent before collecting or processing neural data, addressing emerging privacy concerns linked to neurotechnology that can record, monitor, or alter brain activity.

HHS Finalizes Rule To Strengthen Reproductive Health Data Privacy Under HIPAA

The Biden-Harris administration, through the Department of Health and Human Services (HHS), has issued a final rule under the HIPAA Privacy Rule to enhance the privacy of patients and providers involved in lawful reproductive healthcare. This new regulation, which arose in response to concerns following the overturning of Roe v. Wade, prohibits the disclosure of protected health information (PHI) to pursue legal actions against patients or healthcare providers, aiming to safeguard their ability to access and provide safe, legal healthcare without fear of legal repercussions.

FTC Finalizes Changes To The Health Breach Notification Rule

On April 26th, 2024, the Federal Trade Commission finalized updates to the Health Breach Notification Rule (HBNR). These changes enhance and update the rule by specifying its relevance to health applications and related technologies, and by broadening the details that covered entities are required to disclose to consumers when informing them of a breach involving their health information.

Data Privacy Enforcement

Cerebral Telehealth to Pay $7 Million Fine Over Patient Privacy

Cerebral Inc. has agreed to a $7 million settlement with the FTC and committed to halt the use of health data for advertising, following charges of mailing unsecured postcards linking patients to their medical diagnoses. The telehealth company and its former CEO were also found to have shared sensitive data with third-party marketers like TikTok, LinkedIn, and Snapchat, in violation of their own privacy assurances.

EDPB 2023 Annual Report 

The European Data Protection Board's 2023 annual report details its work from the previous year, including issuing guidelines on deceptive design and facial recognition, and providing advice on data privacy within the EU-US framework and GDPR enforcement.

Data Breach & Cybersecurity

Hackers Stole 340,000 Social Security Numbers From Government Consulting Firm

Greylock McKinnon Associates (GMA), a U.S. consulting firm, reported a data breach on Maine's government website, revealing that hackers had stolen up to 341,650 Social Security numbers. The breach, announced through a mailed notice to affected individuals, occurred during a cyberattack in May 2023; GMA, which provides support to various companies and U.S. government agencies, including in civil litigation matters with the Department of Justice, responded swiftly to mitigate the incident.

Change Healthcare Stolen Patient Data Leaked by Ransomware Gang

An extortion group known as RansomHub has released sensitive patient data stolen from Change Healthcare in a ransomware attack, marking the first time cybercriminals have publicly disclosed possession of such records. This incident is compounded by the fact that it's the second ransom demand faced by Change Healthcare in recent months, with the parent company, UnitedHealth Group, actively investigating the breach amidst claims of internal disputes within the ransomware gang complicating the situation.

Kaiser Reports Data Breach Affecting 13.4M People

On April 26, 2024, Kaiser Foundation Health Plan reported a massive data breach to the OCR, involving 13.4 million records due to technologies on its websites and apps sharing data with third-party vendors like Google and Microsoft. This incident, the largest reported to OCR in 2024, involved sensitive information such as member names and IP addresses, leading Kaiser to remove the offending technologies and plan customer notifications for May.

Artificial Intelligence

Auditing Large Language Models For Race And Gender Bias

An audit of state-of-the-art large language models like GPT-4 reveals systematic biases, showing that the advice provided by these models often disadvantages names commonly associated with racial minorities and women, with the least advantageous outcomes observed for names associated with Black women. The study highlights that biases are consistent across various scenarios and models, suggesting systemic issues, and emphasizes the effectiveness of numerical anchors in countering these biases, while qualitative details may exacerbate disparities, stressing the need for rigorous audits at deployment to prevent harm to marginalized groups.

The Rise Of The AI Officer

The number of companies appointing a designated head of AI, or Chief AI Officer (CAIO), has nearly tripled worldwide in the past five years, fueled by advancements like ChatGPT and governmental measures such as the White House mandating federal agencies to have chief AI officers to manage and oversee AI use responsibly. While CAIOs are crucial for steering AI deployment within organizations, enhancing efficiency, and tackling ethical issues, their exact responsibilities remain undefined, and the sustainability of the role is uncertain given the rapid evolution of job titles in corporate environments.

Generative AI Is Supposed To Save Doctors From Burnout. New Data Show It Needs More Training

Recent research from institutions like the University of California, Mount Sinai, and Mass General Brigham reveals that while large language models (LLMs) are increasingly used in healthcare, they sometimes complicate rather than simplify doctors' workloads. These studies highlight issues such as premature deployment leading to errors, the need for thorough testing despite the hype, and persistent challenges in applications like generating diagnostic codes and operating patient chatbots.

Xaira, An AI Drug Discovery Startup, Launches With $1 Billion

ARCH Venture Partners and Foresite Labs, an affiliate of Foresite Capital, have announced the incubation and funding of Xaira Therapeutics, an AI biotech firm. Having operated in stealth mode for approximately six months, the company has secured a substantial investment of $1 billion. Additional backers of Xaira Therapeutics include F-Prime, NEA, Sequoia Capital, Lux Capital, Lightspeed Venture Partners, Menlo Ventures, Two Sigma Ventures, and SV Angel. The company will be led by Marc Tessier-Lavigne, former Stanford president.

Nvidia's Plan To Dominate Biotech's AI Revolution

The chipmaker has emerged as a leading figure in the most dynamic sector of biopharma R&D—utilizing artificial intelligence for drug design. It has established a revenue stream exceeding $1 billion in the health sector and is increasingly convincing the industry that this might be the pivotal moment for technology in healthcare, though not necessarily in the ways previous contenders envisioned.

Data Governance

EU Drops Sovereignty Requirements In Cybersecurity Certification Scheme

Amazon, Google, and Microsoft may have an improved chance at securing EU cloud computing contracts as new draft cybersecurity labelling rules no longer require vendors to be independent from non-EU laws, as per a document viewed by Reuters. This development comes as the European Union works to finalize a cybersecurity certification scheme (EUCS) that ensures cloud services are secure and trustworthy for use by governments and businesses within the bloc.

The European Health Data Space Overcomes Its Final Obstacle In Parliament

The new European regulation establishes a framework for sharing health data across EU states, enhancing GDPR protections and managing cross-border healthcare. It also sets up robust governance for digital health, allows connections with non-EU entities under strict conditions, and will be implemented gradually over the next 2 to 6 years, requiring regulatory adjustments in member states like France.

Podcasts 

  • Foundation Models for Pathology with Razik Yousfi
  • The Societal Impacts of Foundation Models, and Access to Data for Researchers
  • The Sound: A Game-Changing Tool for Holistic Health Monitoring? With Dr Roeland Decorte

iliomad's News

CNIL Approval 

We are pleased to announce that the ICM - Institut du Cancer de Montpellier - has received authorization from the French Data Protection Authority (CNIL) to conduct the APAD-ECO study. The study, approved on April 19, will explore the medico-economic effects of physical activity on women who have been treated for breast cancer. It will analyze data from two clinical trials and the Caisse nationale de l’Assurance Maladie from 2009 to 2022, assessing the long-term benefits of physical activity on these patients. Our role in facilitating the ICM with a compliant Data Protection Impact Assessment was key in securing this approval from CNIL.

Seamus Larroque

CDPO / CPIM / ISO 27005 Certified
