More than three months have passed since the U.S. Supreme Court rendered its decision to reverse Roe v. Wade and remove the constitutional right to an abortion. Implications for individual privacy rights and data privacy stemming from the decision are clear and continue to be worked through. But simply working toward a solution won't suffice for arriving at concrete fixes, according to participants in a keynote panel at the opening general session of the IAPP Privacy. Security. Risk. 2022 confe... Read More

Definitions can be messy, especially when they move from dictionaries to law books. Just look at the idea of genetic data and ponder this riddle: When is a medical test result genetic information? The National Institute of Standards and Technology definition of “genomic information” says it is limited to information based on an individual’s genome, such as a sequence of DNA or the results of genetic testing. Privacy laws broaden the scope of covered data within such a functional definition — pe... Read More

The draft American Data Privacy and Protection Act that is the focus of current attention raises many complex issues. I want to focus on one detail from the bill. My basic objective is to illustrate some of the difficulties of regulating health information that exists outside the health care system. The bill defines sensitive covered data to include “Any information that describes or reveals the past, present, or future physical health, mental health, disability, diagnosis, or healthcare treatm... Read More

On June 24, the U.S. Supreme Court overturned Roe v. Wade, confirming the understanding contained in the draft decision leaked in early May. Roe v. Wade is a paradigmatic decision that secured the constitutional right to abortion in the country in 1973. After 49 years, it came to an end. The recent decision allows a number of U.S. states to adopt laws criminalizing abortion in a short time. It is thought that approximately half of the U.S. states will ban or severely restrict the practice. This... Read More

HIPAA and COVID-19 have been in the news together a lot lately. Most of what you see is wrong. Here’s a refresher — for yourself, and your strange friend who read something on the internet and is now a HIPAA expert or, all too frequently, a “HIPPA” expert.  First, HIPAA is not an overall health information privacy rule. The name of the statute may give some clues — the Health Insurance Portability and Accountability Act. The single “P” in the name is for portability, not privacy. Neither privac... Read More

Multiple mobile health applications “share (user) information with a broad collection of advertisers,” according to an investigation conducted by The Washington Post. While data most apps share does not directly identify users, they typically use a sequence of numbers, or identifiers, linked to a user’s device, the investigation found. The app makers generally argued sharing a keyword search by a user is not equivalent to disclosing their health concerns. However, privacy advocates warned sellin... Read More

The Verge reports analysis conducted by Mozilla researchers on 25 fertility and period-tracking applications showed potential issues with privacy notices, data collection and use practices, and user privacy protections. Mozilla *Privacy Not Included project lead Jen Caltrider said these app providers need to be "extra diligent when it comes to the privacy and security" but "too many are not." Inside Higher Ed reports on how colleges and universities are approaching students' reproductive heal... Read More

Mobile applications that help treat mental health issues have grown significantly since the start of the COVID-19 pandemic, Axios reports. Despite more access to treatment, many of the apps available vary on their privacy notices, leaving consumers uncertain on their health data privacy. According to the article, "fewer than half of 116 apps for depression surveyed had any privacy (notice)."Full Story... Read More

The Wall Street Journal reports researchers are designing applications that could give therapists access to data from patients’ smartphones in between sessions. The apps would use voice-analysis software and online-search behavior to help professionals assess and assist with patients’ conditions. While questions remain about how to ensure informed consent and safeguard users’ information, University of Washington Psychiatry and Behavioral Sciences Professor Dr. Patricia Areán said if patients en... Read More

LifeBridge Health agreed to a $9.5 million settlement in a class-action lawsuit over a 2018 data breach that compromised personal data of more than 500,000 patients, HIPAA Journal reports. Under the settlement, an $800,000 fund will cover claims from class members who said their personal data was exposed to identity thieves and LifeBridge Health will allocate $7.9 million to security improvements, including data encryption and multifactor authentication.Full Story... Read More

In a report of personal data incidents received in 2021, Sweden’s data protection authority, Integritetsskyddsmyndigheten, noted a 26% increase in cybersecurity attacks on the health care sector. A total of 5,767 personal data incidents were reported in 2021, the IMY reported, primarily due to incorrect sending of letters, emails or text messages. The IMY said human error is behind six out of 10 incidents. Full Story... Read More

More than three months have passed since the U.S. Supreme Court rendered its decision to reverse Roe v. Wade and remove the constitutional right to an abortion. Implications for individual privacy rights and data privacy stemming from the decision are clear and continue to be worked through. But simply working toward a solution won't suffice for arriving at concrete fixes, according to participants in a keynote panel at the opening general session of the IAPP Privacy. Security. Risk. 2022 confe... Read More

Gov. Gavin Newsom, D-Calif., recently signed two bills into California law that protect individuals' abortion data, Health IT Security reports. Bill AB 1242 prohibits state law enforcement entities and corporations from fulfilling search warrant requests from out-of-state law enforcement investigating anyone obtaining a lawful abortion in California. The other bill, AB 2091, bars health care providers from "releasing medical information on an individual seeking abortion care in response to a sub... Read More

The European Commission plans to improve access to health data for patients, medical professionals, regulators and researchers to reduce unnecessary medical tests and prescriptions, Reuters reports. Under the proposal, data from patients’ health records and wellness applications would be combined and made accessible through free online databases under strict privacy rules. Patients cannot always access their health data electronically and hospitals often do not share data in its entirety with ot... Read More