Categories
Health Law Highlights

Online Tracking Technologies and HIPAA Misconceptions

Summary of article from IAPP, by John Haskell:

Misconceptions persist about the use of online tracking technologies (OTTs) for marketing under HIPAA compliance. HIPAA mandates that covered entities must obtain explicit authorization from individuals before using or disclosing their personal health information (PHI) for marketing purposes. Simply signing a Business Associate Agreement (BAA) does not ensure compliance, particularly when PHI is involved. The U.S. Department of Health and Human Services (HHS) has clarified that disclosures of PHI to tracking technology vendors without proper authorizations are impermissible. Additionally, business associates are prohibited from using PHI for their own purposes, such as marketing campaigns. Compliance with HIPAA requires obtaining valid authorizations and adhering to specific guidelines, rather than relying solely on BAAs. Understanding these requirements is crucial to avoid regulatory issues.

Categories
Health Law Highlights

The TDPSA: A New Sheriff in Town for Texas Data Controllers and Processors

Summary of article from Vinson & Elkins LLP, by Maggie Eller, Briana Falcon, Jeffrey Johnston, Michael Kurzer:

The Texas Data Privacy and Security Act (TDPSA), effective from July 1, 2024, mandates compliance from businesses operating in Texas or providing products/services to Texas residents, excluding small businesses and specific entities like state agencies and nonprofits. It defines consumer rights, responsibilities for data controllers and processors, and includes stringent requirements for handling personal and sensitive data. Sensitive data encompasses information such as race, health diagnoses, and biometric data, while certain healthcare and employment-related data are exempt. Organizations must conduct data protection assessments, update privacy policies, and establish systems for consumer rights compliance. Ensuring data security through administrative, technical, and physical measures is also emphasized.

Categories
Health Law Highlights

Data Privacy in Healthcare: Balancing Innovation with Patient Security

Summary of article from Healthcare IT Today, by Ganesh Nathella:

The integration of digital technologies in healthcare has improved patient care but also raised significant data privacy concerns. Healthcare organizations are investing in robust data protection measures as they adopt tools like telemedicine and remote monitoring. Emerging technologies such as blockchain, AI, and IoT offer solutions but also introduce new security challenges. Compliance with regulations like HIPAA and GDPR is critical, though fragmented global standards complicate this. Balancing innovation with patient security is essential for maintaining trust and advancing healthcare.

Categories
Health Law Highlights

AI and Digital Governance: Exploring Platform Liability

Summary of article from IAPP, by Uzma Chaudhry:

The modern internet, integrating AI, IoT, and advanced cybersecurity, is a rapidly evolving ecosystem with significant societal impact, accessible to 5.35 billion people globally. This digital landscape has increased the influence of intermediaries like search engines and social media, raising concerns about privacy, misinformation, and intermediary liability under laws such as Section 230 of the Communications Decency Act, Section 512 of the Digital Millennium Copyright Act, and the EU e-Commerce Directive. The rise of generative AI adds complexity, challenging existing legal frameworks and prompting discussions on whether current immunities should extend to AI-generated content. Recent cases like Gonzalez v. Google highlight ambiguities in intermediary liability, particularly as AI technologies evolve. Future legal interpretations will need to address the nuances of AI and its role in content creation and dissemination.

Categories
Health Law Highlights

Fourth Circuit Broadens TCPA’s Reach Over ‘Unsolicited Advertisements’

Summary of article from Faegre Drinker Biddle & Reath LLP, by Bridgette Lehman, William Wright:

The Fourth Circuit Court of Appeals has broadened the interpretation of “unsolicited advertisements” under the TCPA in the case of Family Health Physical Medicine, LLC v. Pulse8, LLC. The court reversed a lower court’s dismissal, ruling that a fax inviting recipients to a free webinar could be considered an advertisement, even without explicitly offering goods or services for sale. This decision, which contrasts with narrower interpretations from other circuits, allows for “implicit marketing” and considers the potential for future promotional contact. As a result, businesses face increased liability and may need to reassess their fax communication strategies to mitigate TCPA risks. The ruling’s implications could influence TCPA litigation strategies beyond the Fourth Circuit.

Categories
Ask the Health Lawyer

Weighing the Pros and Cons of Synthetic Healthcare Data Use

Summary of article from Health IT Analytics, by Shania Kennedy:

Healthcare data, while valuable for improved outcomes, faces challenges including data quality, patient privacy, and HIPAA compliance. Synthetic data, artificially generated information that mimics real-world data (RWD), offers a promising solution by maintaining statistical properties of RWD without containing personally identifiable information. Synthetic data provides privacy preservation, prevents data re-identification, and supports algorithm training. However, it also presents challenges, including potential data quality issues, bias, and AI model collapse. While synthetic data generators need improvement and standardized quality assessment, they are being increasingly utilized for various healthcare projects.

Categories
Health Law Highlights

Privacy Abuses Will Meet ‘Full Force of the Law’ From New Texas Unit, Attorney General Says

Summary of article from The Record, by Joe Warminsky:

Texas Attorney General Ken Paxton has announced the formation of a new data-privacy team within the consumer protection unit of his office. The team will enforce Texas privacy laws, focusing on data privacy and security, identity theft, data brokers, biometric information, consumer protection, and federal laws covering children’s privacy (COPPA) and healthcare information (HIPAA). The Texas Data Privacy and Security Act, a consumer-friendly law, will come into effect on July 1. Paxton has stated that companies exploiting consumer data will face legal consequences. This move is in line with several states, like Vermont, implementing broad privacy laws as federal regulation remains in limbo.

Categories
Health Law Highlights

What You Need To Know About Texas Consumer Data Privacy Law

Summary of article from The National Review, by Elizabeth Rogers:

The Texas Data Privacy and Security Act (TDPSA) is a comprehensive privacy law that applies broadly to individuals and businesses dealing with personal data in Texas. It introduces a strong set of consumer privacy rights, including the rights to access, correct, and delete personal data, and to opt out of data processing for targeted advertising. The law imposes obligations on data controllers, such as data minimization, nondiscrimination, and the requirement of consent before processing sensitive data. Controllers must also conduct data protection assessments for certain types of processing that pose heightened risks to consumers. The law is enforced by the Attorney General, with civil penalties of up to $7,500 per violation, and businesses are advised to update their privacy policies and procedures to comply with the TDPSA.

Categories
Health Law Highlights

As Healthcare AI Advances, How Do We Balance the Benefits With Privacy Concerns?

Summary of article from HackerNoon, by Emmanuel Akin-Ademola:

AI advancements are transforming the healthcare industry, with companies like GE Healthcare and Siemens Healthineers developing technologies for accurate scans and automating routine tasks. However, these innovations raise significant concerns about data privacy and potential breaches. To address these issues, technical approaches such as anonymization, encryption, and privacy-oriented algorithms can be adopted, alongside robust legal frameworks to protect individuals’ medical records. Additionally, patient education on privacy practices and ongoing research into data privacy and automation algorithms are crucial. While AI holds great promise for healthcare, ensuring best security practices, regulatory compliance, and continuous research is essential for a secure and effective implementation.

Categories
Health Law Highlights

Is Your Texas Data Protection Assessment Started?

Summary of article from Data Protection Report, by David Kessler, Annmarie Giblin, Joe McClendon, Susan Ross:

The Texas Data Privacy and Security Act (TDPSA), effective from July 1, 2024, applies to companies conducting business in Texas, processing personal data, and not classified as small businesses. Unlike other state laws, TDPSA requires companies to provide an opt-out option for automated profiling that could significantly impact consumers, such as employment opportunities. The Act mandates “controllers” to conduct a data protection assessment for specific uses of personal data, including sensitive data and profiling activities that pose a risk to consumers. The assessment, which must be available to the Texas Attorney General upon request, should balance benefits against potential risks to consumer rights. Only the Attorney General can enforce the TDPSA, and violations can result in civil penalties up to $7,500 per violation.