Categories
Health Law Highlights

Microsoft, Mass General Developing AI Models for Radiology

Summary of article from Fierce Healthcare, by Heather Landi:

Microsoft is collaborating with Mass General Brigham and the University of Wisconsin-Madison to enhance AI in medical imaging. The partnership aims to develop, test, and validate AI algorithms to improve the accuracy and consistency of medical image analysis. These AI models will be integrated into clinical workflows via Microsoft’s Azure AI platform and Nuance’s PowerScribe radiology reporting platform. The collaboration seeks to assist radiologists and clinicians in interpreting medical images, generating reports, classifying diseases, and analyzing structured data. This initiative addresses the healthcare industry’s challenges of physician burnout and staffing shortages by leveraging generative AI to enhance workflow efficiencies. Key leaders from the partner organizations emphasize the potential of generative AI to transform clinical care and improve patient outcomes. Additionally, Microsoft is working with Nvidia to advance generative AI and cloud computing in healthcare and life sciences.

Healthcare Organizations at Risk of Data Breach Due to Insecure File Sharing Practices

Summary of article from HIT Consultant, by Fred Pennic:

A recent report highlights significant vulnerabilities in healthcare organizations’ data security practices, particularly concerning insecure file sharing. Key findings reveal that 25% of publicly shared files and 68% of externally shared private files contain Personally Identifiable Information (PII), while 77% of internally shared private files also include PII. Additionally, many organizations fail to update or remove access permissions, increasing security risks. The consequences of these practices include rising data breaches, substantial financial impacts from ransomware attacks, and potential compliance violations with HIPAA and GDPR regulations. The report also notes the risk to financial data, such as credit card information, stored in insecure files. To mitigate these risks, healthcare organizations must adopt robust data loss prevention (DLP) solutions and data security tools to ensure proper handling and sharing of sensitive information. Metomic emphasizes the need for these tools to prevent data leaks and protect both patient information and organizational integrity.

Pharmacy Association and 40 Providers Sue Change Healthcare Over Cyberattack

Summary of article from The HIPAA Journal, by Steve Adler:

The National Community Pharmacists Association (NCPA) and over 40 healthcare providers from 22 states are suing Change Healthcare, Optum, and UnitedHealth Group following a February 2024 ransomware attack. This Blackcat ransomware incident resulted in significant disruptions, as Change Healthcare’s critical systems were taken offline, affecting claims processing and revenue management for numerous providers nationwide. The plaintiffs argue that the defendants failed to implement adequate security measures and did not provide timely guidance or support, exacerbating financial hardships for healthcare providers. The lawsuit, which spans 140 pages, includes claims of negligence, breach of contract, and violations of various state consumer protection laws. It seeks permanent injunctive relief, enhanced security measures, and various forms of damages.

6 Steps to Release a Medical IoT Device

Summary of article from Edge Industry Review, by Gilad David Maayan:

Releasing a medical IoT device involves a detailed process to ensure its effectiveness, compliance, and market viability. The first step is conducting market research to assess demand, compare with competitors, and evaluate market size and acceptance, guiding stakeholders on investment decisions. Regulatory planning is crucial, requiring familiarity with laws like the EU MDR and FDA regulations to define the device’s use and ensure compliance.

Design controls must be documented throughout development, adhering to standards such as ISO 13485 to maintain product quality. Establishing a tailored Quality Management System (QMS) addresses design, risk, and supply chain management, ensuring compliance with relevant standards. Clinical evaluation demonstrates the device’s safety and efficacy through trials or literature review, summarizing risks and benefits.

Postmarket surveillance is essential for ongoing monitoring of the device’s performance, ensuring long-term safety and effectiveness, and complying with stringent regulations. Edge computing enhances medical IoT devices by enabling local data processing, which speeds up analysis and response times, reduces reliance on internet connectivity, and ensures functionality in remote areas. Key considerations include hardware capabilities, data security, interoperability, and processing speed, all vital for timely healthcare decisions.

The Internet of Medical Things (IoMT) is transforming healthcare by providing personalized, detailed treatment outside hospitals. Despite the complexity of development and regulatory approval, these devices offer significant potential for improved patient outcomes and profitability.

Vanishing Texas Companies Linked to Millions in Fraudulent Medicare Billings

Summary of article from MSN, by Brian New:

CBS News Texas’ investigation into alleged Medicare fraud uncovered over $200 million in fraudulent activities linked to several companies, prompting numerous viewers to report their own experiences with Medicare fraud. A subsequent report identified 11 additional Texas-based medical supply companies potentially involved in fraudulent practices. Many of these companies, such as Lone Star Medlab Laboratories and Peak Health Diagnostics, were found to have vacated their offices and disconnected their contact numbers. Aids for Recovery faced numerous complaints for fraudulent billing and had abandoned their office, leaving behind unopened Medicare correspondence. The Centers for Medicare & Medicaid Services (CMS) confirmed ongoing investigations into these companies, suspected of nearly $3 billion in fraudulent catheter billing.

Balancing Act: Industry Concerns Over CISA’s Proposed Cyber Incident Reporting Rule

Summary of article from Bradley Arant Boult Cummings LLP, by Sinan Pismisoglu, Eric Setterlund:

The proposed cyber incident reporting rule by the Cybersecurity and Infrastructure Security Agency (CISA) aims to enhance national cyber defenses but has raised concerns about its broad scope and potential overreporting, which could overwhelm CISA with low-value data. Industry groups, particularly in manufacturing and healthcare, worry about the rule’s impact, citing increased compliance burdens and potential disruptions. Recommendations to address these issues include narrowing the rule’s scope, harmonizing reporting mechanisms, providing support to smaller entities, and tailoring requirements to specific industry needs. The debate highlights the need for a balanced approach that strengthens cybersecurity while ensuring practical compliance for businesses. Collaboration between CISA and industry stakeholders is essential to refine the rule and achieve this balance.

HSBC Venture Healthcare Report: 1H 2024

Summary of article from Foley & Lardner LLP, by Antoinette F. Konski:

Key findings include a reversal of the 2023 decline in Healthtech investments, stable Med Device investments driven by first-financing deals, and a notable 35% increase in Biopharma investments with significant private deals. The Dx/Tools sector saw a decline in first-financing deals but benefited from growth investors for companies nearing commercialization. Overall, the report highlights increased investment activity across all sectors, with heightened IPO interest and significant private M&A deals in Biopharma.

The TDPSA: A New Sheriff in Town for Texas Data Controllers and Processors

Summary of article from Vinson & Elkins LLP, by Maggie Eller, Briana Falcon, Jeffrey Johnston, Michael Kurzer:

The Texas Data Privacy and Security Act (TDPSA), effective from July 1, 2024, mandates compliance from businesses operating in Texas or providing products/services to Texas residents, excluding small businesses and specific entities like state agencies and nonprofits. It defines consumer rights, responsibilities for data controllers and processors, and includes stringent requirements for handling personal and sensitive data. Sensitive data encompasses information such as race, health diagnoses, and biometric data, while certain healthcare and employment-related data are exempt. Organizations must conduct data protection assessments, update privacy policies, and establish systems for consumer rights compliance. Ensuring data security through administrative, technical, and physical measures is also emphasized.

Does HIPAA Apply to Veterinarians?

Summary of article from The HIPAA Journal, by Steve Adler:

HIPAA does not apply to veterinarians because they do not conduct electronic healthcare transactions for which the Department of Health and Human Services has adopted standards, thus not qualifying as HIPAA covered entities. However, veterinarians are subject to various state-level data privacy and breach notification laws that resemble HIPAA regulations. For instance, California law prohibits the unauthorized disclosure of information concerning animal patients and their owners, with specific exceptions. Additionally, veterinarians handling data of EU citizens must comply with the GDPR. The American Veterinary Medical Association (AVMA) provides guidelines to help veterinarians navigate these diverse data privacy regulations.

The Impact of the EU AI Act on the Healthcare Sector

Summary of article from DataGuidance, by Michael Borrelli:

The EU AI Act aims to regulate AI systems within the EU, categorizing them by risk levels and imposing stringent requirements on high-risk systems, particularly in healthcare. This legislation emphasizes transparency, accountability, and ethical considerations to ensure AI technologies are safe and trustworthy. High-risk AI systems in healthcare must meet rigorous standards for risk management, data quality, transparency, human oversight, and post-market monitoring. While compliance presents challenges, the Act fosters innovation and aims to improve healthcare outcomes and patient safety. Overall, the EU AI Act is pivotal in shaping the ethical deployment of AI in healthcare.