Categories
Health Law Highlights

A Regulatory Roadmap to AI and Privacy

Summary of article from IAPP, by Daniel Solove:

There is a complex relationship between AI and privacy. AI-related privacy issues are often extensions of existing digital privacy problems. Privacy law reform must address digital privacy holistically, not just in the context of AI. AI implicates privacy concerns in data collection and processing, decision-making, and data analysis. Current privacy laws are inadequate in handling these issues. AI also presents difficulties in oversight, participation, and accountability. Effective reform must include transparency, due process, and stakeholder involvement. A comprehensive overhaul of existing privacy laws is needed to effectively regulate AI’s impact on privacy.

Three Women Contract HIV From Dirty “Vampire Facials” at Unlicensed Med Spa

Summary of article from Ars Technica, by Beth Mole:

Unlicensed cosmetic procedures at a med spa have been linked to an outbreak of HIV, marking the first time cosmetic treatments have been associated with such an outbreak. At least three women who underwent “vampire facials”, a treatment involving the injection of a patient’s own platelet-rich plasma into their face, at the unregulated VIP Spa, tested positive for HIV. The spa, which had poor hygiene standards and reused disposable equipment, was shut down in 2018 and the owner was later convicted for practicing medicine without a license. Investigators tested nearly 200 other spa clients for HIV and found a total of five infections linked to the facility. The report highlights the importance of identifying potential novel sources of HIV transmission among people with no known risk factors.

FTC Bans Noncompete Clauses, Declares Vast Majority Unenforceable

Summary of article from Ars Technica, by Jon Brodkin:

The Federal Trade Commission (FTC) has issued a final rule banning noncompete clauses, rendering most existing clauses unenforceable, citing that they are an unfair method of competition and a violation of Section 5 of the FTC Act. The rule will take effect 120 days after its publication in the Federal Register, affecting approximately 30 million US workers currently bound by such clauses. The rule will not apply to senior executives, defined as those earning more than $151,164 annually and in policy-making positions. The FTC argues that noncompete clauses suppress wages, innovation, and economic dynamism, and believes businesses can protect trade secrets through other means like nondisclosure agreements. The US Chamber of Commerce intends to sue the FTC, claiming the rule undermines the competitiveness of American businesses.

Artificial Intelligence Highlights from FTC’s 2024 PrivacyCon

Summary of article from Sheppard Mullin Richter & Hampton LLP, by Carolyn Metnick, Gianfranco Spinelli:

PrivacyCon’s takeaways for healthcare organizations highlighted key considerations for the use of AI in healthcare, focusing on privacy themes, Large Language Models (LLMs), and AI functionality. The study identified four privacy concerns: potential for data misuse, personal nature of data, lack of awareness and consent in data collection, and surveillance by the government. It also highlighted security, privacy, and safety concerns in LLM platforms, particularly with third-party applications, urging developers to prioritize these aspects. The fallacy of AI functionality, where users trust AI blindly without data validation, was identified as a major issue, especially in healthcare where it can lead to misdiagnosis. The post concluded by emphasizing the need for healthcare organizations to establish governance and compliance committees to address these complex challenges and facilitate responsible AI development with privacy and ethical considerations in mind.

Houston Clinic Owner Sentenced for Healthcare Fraud Scheme

Summary of article from mytexasdaily.com:

Gwendolyn Gibbs, the 72-year-old owner of a Houston-based mental health clinic, has been sentenced to seven years in federal prison for a healthcare fraud scheme. Gibbs pleaded guilty to conspiracy to commit healthcare fraud in December 2021 and was ordered to pay over $8.6 million in restitution to Medicare. The court found that Gibbs had fraudulently billed Medicare for services provided to adults with intellectual disabilities who did not require mental health services, from 2007 to 2016. She admitted to falsifying medical records and paying kickbacks for patient referrals. The case was investigated by multiple agencies, including the FBI and the Department of Health and Human Services.

Washington’s My Health My Data Act and its Nevada Twin are Now in Effect – Are You Ready?

Summary of article from Davis Wright Tremaine, by David L. Rice, Adam H. Greene, Rebecca L. Williams:

The “My Health My Data Act” in Washington, effective March 31, 2024, imposes strict regulations on the collection and use of “consumer health data” (CHD), even extending to data indirectly related to a consumer’s health. The Act covers all businesses operating in Washington and those providing services or products to its consumers, and applies to both residents and non-residents whose CHD is collected within the state. It mandates consumer consent for CHD collection, processing, or disclosure, and prohibits the sale of CHD without a valid, annually renewed authorization. The Act also forbids the use of “geofences” around healthcare facilities for data collection or advertising. Finally, the Act grants enforcement authority to the Washington Attorney General and establishes a private right of action for consumers, with Nevada implementing a similar law.

Doctors Are Getting on Board With genAI, Survey Shows

Summary of article from Healthcare IT News, by Andrea Fox:

A survey of 100 US physicians revealed that 81% believe generative AI can enhance care team interactions with patients. The majority (89%) of physicians require transparency about the sources of clinical decision support (CDS) data from vendors. However, physicians overestimate patients’ readiness for AI in healthcare, with 66% believing patients would be confident in AI-assisted decisions, contrasting with 48% of patients expressing confidence. The survey also highlighted a lack of clear AI usage guidelines in healthcare organizations. Despite initial skepticism, adoption of AI in healthcare is growing, with companies like Wolters Kluwer integrating AI into their products to aid clinical decision-making.

Security Principles: Addressing Vulnerabilities Systematically

Summary of article from Federal Trade Commission, Office of Technology:

The FTC has been enforcing national consumer protection laws for over two decades, focusing on companies with inadequate security practices such as failing to encrypt sensitive data and not using multi-factor authentication. The FTC and the Cybersecurity and Infrastructure Security Agency (CISA) recommend practices like root-cause analysis of vulnerabilities, using template rendering systems for Cross-Site Scripting (XSS) vulnerabilities, query builders for SQL injection vulnerabilities, and memory-safe programming languages for buffer overflows and use-after-free vulnerabilities. CISA’s Secure by Design Alert Series offers additional strategies to protect systems from design issues leading to security incidents. The FTC asserts that companies have a legal obligation to protect consumers’ data, with violations leading to enforcement actions.

Navigating HIPAA Compliance in the Age of AI: Privacy and Security Considerations in Healthcare

Summary of article from HackerNoon, by mcmullen:

Artificial intelligence (AI) is revolutionizing various aspects of healthcare, but it also presents privacy and security risks, particularly in the context of data breaches. Compliance with the Health Insurance Portability and Accountability Act (HIPAA) is crucial when integrating AI into healthcare. To remain HIPAA compliant, healthcare organizations must understand AI algorithms, regularly update policies, and implement robust security measures. Despite the challenges, the implementation of AI in healthcare, when done responsibly and ethically, offers significant potential benefits for patient care and research.

Change Healthcare Ransomware Attack: 10 Lessons Learned

Summary of article from Guidepost Solutions LLC, by Todd Doss:

In February 2024, Change Healthcare fell victim to a ransomware attack due to vulnerabilities in its infrastructure, including outdated software and misconfigured settings. The attackers used sophisticated malware to access the network and breach sensitive data, including patient records, financial data, and administrative details. The incident underscores the importance of robust cybersecurity measures, such as regular data backups, software updates, strong passwords, network segmentation, and continuous employee education. Organizations are also advised to avoid paying ransoms and to stay informed about cybersecurity trends. Lastly, consulting with third-party cybersecurity experts can help assess vulnerabilities and strengthen an organization’s security posture.