Data breach, cybersecurity, hacking,


Patient privacy is evolving rapidly in the post-Dobbs era, according to health and life sciences lawyers in a webinar hosted by the American Bar Association on Wednesday.

“Currently, a request by law enforcement officials for protected health information is not valid unless pursuant to process or otherwise required by law,” said Lynn Barrett, health attorney at Wachler & Associates.

Barrett and other panelists discussed what the Health Insurance Portability and Accountability Act (HIPAA) actually protects as it relates to reproductive health data following the Dobbs decision in June and how the Office for Civil Rights (OCR) is implementing these rules. Doctors, reproductive clinics, and femtech companies need to understand this intimately to mitigate liability as well as protect patients.

Barrett, who is based in Florida, where abortions are restricted, explained that if a patient goes to her doctor and says she is pregnant but not planning to have a baby, the provider would not be required to disclose that information to a law enforcement officer.

“What OCR is saying is that the intent to do something is not reportable under HIPAA,” Barrett said.

OCR worked with the American Medical Association and other medical organizations to develop its legal position, which states: “It would be inconsistent with professional and ethical standards to disclose to law enforcement anything related to an individual’s interests, intentions, or past experience with reproductive health,” Barrett said.

An interesting situation will be the federal preemption issues that arise if a doctor in Texas or Florida or another restrictive state decides to call law enforcement, Barrett said, referring to when federal law and state law conflict.

When it comes to medical information that isn’t shared with a provider but is linked to a personal device, such as a cell phone or laptop, it’s even more complicated. HIPAA does not protect information on personal devices.

“If law enforcement suspects that a person has had an illegal abortion, they can go and request access to that person’s phone, their applications that they are using, their femtech applications, something like that,” said Bethany Corbin, a femtech attorney at Nixon Gwilt Law.

As a result of increased privacy concerns, some femtech apps, such as cycle tracking app Flo, have enabled an “anonymous” mode, Corbin said. Still, she would warn users against having a “false sense of security” because it’s not clear what “anonymous” means.

“It’s something we’ll have to continue to monitor to see how many apps come out with these modes and whether there’s any additional regulation for that,” Corbin said.

The black market value of a general health record is about $250, Corbin said. By comparison, a credit card costs about $5.60 on the black market, so health data is now worth vastly more than almost any other type of data available there, she said.

She also pointed out that some femtech companies have added a paid version to their free apps, which adds more privacy so customers have a sense of security, but this is also new territory and there needs to be more regulation, Corbin said.

Another panelist, Heather Deixler, a partner at Latham and Watkins in the health and life sciences practice, said there is a great need for a federal privacy law to protect reproductive health information, and the “patchwork” laws that vary from country to country are very difficult to navigate.

Deixler said there is an analogy to be made between how patient data is protected when it comes to reproductive health and when it involves substance use disorder. For example, she said, when a patient is recovering from a substance use disorder, the patient’s information is protected from law enforcement even though what they are doing is engaging in illegal acts of substance abuse.

“Taking this approach can be a really good way to limit that [reproductive health] information not to be disclosed to law enforcement,” Deixler said.

Deixler also described how the Federal Trade Commission has responded to privacy concerns. In one case she described, the FTC sued data broker Kochava for selling patient data that tracks when people visit a reproductive health clinic.

The FTC also sued period tracking app Flo for selling data to Facebook and Google without patient consent.

“They said they weren’t sharing data with third parties, but they were,” Deixler said of Flo. “Part of what the FTC did was enforce transparency and said you have to get consent from individuals before you share information.”

The case was a “wake-up call” for people using these apps, Deixler said.

In a segment on what tech companies should do amid privacy concerns, Deixler suggested that tech companies use end-to-end encryption to protect patient data, limit the collection and sale of information that could reveal the health of pregnancy, stop using artificial intelligence tools that reveal pregnancy status and links to share veterinary data.
