Summary of article from Troutman Pepper, by Brent Hoard, Emma Trivax, Erin Whaley:
The rapid expansion of telehealth introduces complex privacy and cybersecurity challenges, impacting financing or acquisition decisions in the health care sector. A strategic pre-diligence review is advised to identify potential risks and regulatory environment, including HIPAA, FTC’s Health Breach Notification Rule, state-specific privacy laws, and international privacy laws. The pre-diligence review should also include an examination of the target’s privacy policy, website, and data practices. This information should then inform a comprehensive due diligence process, including the development of a request list and a framework for organizing diligence issues. Finally, a plan should be put in place to address any identified compliance risks or business issues pre- and post-acquisition.