Category: Security



HHS Task Group Releases Cybersecurity Guidelines for the Health Care Industry

Share

Health care is one of the most complex and socially impactful areas of digitalization. Ensuring cybersecurity of health care operations, therefore, is of paramount importance – because potential vulnerabilities may lead not only to financial or technical exposures, but to lapses in life-or-death situations for patients.

To assist practitioners with education and guidelines, and in pursuance of Cybersecurity Act of 2015 (Public Law 114-113), Section 405(d), the Department of Health and Human Services created a “405(d) Task Group” in May 2017, involving, more than 150 health care and cybersecurity experts. The result of their collaborative work became a voluntary guideline entitled “Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients,” which was released at the end of 2018.

Continue reading

New Report Signals Further Changes to U.S. Policy toward IoT Technology from China

Share

In recent months, a series of U.S. government reports have documented U.S. policymakers’ growing concerns over Chinese government policies and programs designed to advance China’s competitive edge in a range of technologies and industries.  In turn, the findings of these reports are shaping U.S. economic and national security laws and policies, as illustrated by the recent Section 301 tariff actions, national security reviews of investment by Chinese firms under the Committee on Foreign Investment in the United States (CFIUS) process, and provisions of the recently-passed John McCain National Defense Authorization Act that restrict exports of “emerging and foundational technologies” and U.S. government use of certain Chinese-made telecommunications equipment.  Against this background, a report released on October 26, 2018, is likely to further increase U.S. government scrutiny of China-manufactured devices with internet connectivity features – so-called “Internet of Things” or “IoT” devices.

Continue reading

Security Recommendations for Mobile Health Apps

Share

Expanded use of Electronic Health Records (EHRs) is an integral component of the ongoing modernization of the U.S. health care system through digitalization.  Among the anticipated advantages of using EHRs are improvements in patient care (e.g., through faster access to relevant information and consequently improved care coordination), increased patient engagement, as well as reduction of medical errors and cost savings. On the other hand, implementing EHRs in a sustainable and legally compliant way requires upfront investment in hardware, software, training, workflow restructuring, as well as management of risks unique to electronic records, such as vulnerability to malicious interference.  When EHRs are combined with mobile platforms, the cybersecurity risks multiply.  Addressing this latest challenge can be daunting, both for medical practices and EHR product providers.

Continue reading

Cybersecurity Responsibilities of a Plan Sponsor

Share

Plan sponsors of retirement plans handle a lot personal participant data, but many are unaware of their fiduciary duties in the context of cybersecurity. If a retirement plan suffers a cyberattack, plan assets could be diverted and misused. Under the Employee Retirement Income Security Act (ERISA), the plan sponsor could be held liable for a fiduciary breach for failure to satisfy a duty of loyalty and to act prudently.

Continue reading

India Releases Draft Personal Data Protection Regulation

Share

India has released the much-anticipated first draft of the Personal Data Protection Bill, 2018, the country’s first comprehensive data protection regulation. The proposed bill is currently under review by India’s Ministry of Electronics and Information Technology and will likely be introduced in Parliament this year.

Continue reading

New Biometrics and Geolocation Legislation Proposed in U.S. Senate, More States Consider Similar Laws

Share

Technology that determines an individual’s identity or location has been the subject of significant media attention in the first half of 2018: Amazon made news with the sale of its facial recognition technology to law enforcement, the U.S. Supreme Court ruled that the government generally must obtain a warrant to access certain types of geolocation information, California arrested the Golden State Killer using the DNA information of a relative, and Facebook came under fire for the way in which Cambridge Analytica accessed the data of tens of millions of users. Garnering less attention, but of no less importance, are the legislative efforts underway in the federal government and in many states to regulate these emerging technologies and limit the ways in which this information can be collected.

Continue reading

« Older posts

© 2019 Drinker Biddle & Reath LLP. All Rights Reserved. Lawyer Advertising.

Disclaimer/Privacy Policy