Privacy and Data Security
Subscribe to Privacy and Data Security's Posts

FTC Issues Policy Statement Expanding Interpretation of Health Breach Notification Rule’s Scope

On September 15, 2021, the Federal Trade Commission (FTC) voted 3–2 along party lines (with Republican commissioners dissenting) to issue a policy statement announcing an expansive interpretation of the FTC’s Health Breach Notification Rule, 16 CFR Part 318 (the Rule). According to the policy statement, the Rule applies to health apps and connected devices that are not subject to the Health Insurance Portability and Accountability Act (HIPAA) but are capable of drawing information from multiple sources—for example, through a combination of consumer inputs and application programming interfaces (APIs).

Read more here.




Protecting the Telehealth Consumer: FTC and State-Based Considerations

Telemedicine in the United States is facing an important crossroads. While telehealth services have demonstrated their value as an integral part of care delivery, federal and state waivers instituted during the COVID-19 pandemic are likely to expire soon. As lawmakers and agency officials consider updated or expanded digital health rules, regulators are expected to intensify their scrutiny of providers.

In this webinar, McDermott partners Jiayan Chen and Brian J. Boyle explore consumer protections for telehealth consumers, including the following:

  • Privacy considerations beyond the Health Insurance Portability and Accountability Act of 1996, including Federal Trade Commission requirements;
  • How to prepare for the Health Breach Notification Rule;
  • The ins and outs of advertising telehealth, including claims, endorsements and social media;
  • Strategies for engaging with users in the digital environment; and
  • Increased fraud enforcement.

Access the webinar.




Global Employment Law Update

Employment law continues to evolve, and it can be a challenge amid an ever-changing landscape of local employment laws for human resources executives and employment counsel at multinational businesses to maintain a consistent global corporate culture.

McDermott’s Global Employment Law Update brings you the key highlights from across Asia, Africa, Europe, Latin and North America. Developed in collaboration with peer firms operating in more than 50 countries, this resource guide contains summaries of the laws and significant court decisions that impacted employers and employees all over the world. It includes:

  • COVID-19 legislative updates
  • Remote work and telecommuting policies
  • Data privacy protections
  • Minimum wage and salary compensation updates
  • Changes to labor protection laws
  • Sexual harassment modifications

Access the report.




Access to Digital Health Applications and Digital Care Applications in Germany

The German federal cabinet recently approved the draft law on the digital modernization of healthcare and nursing care. The draft has been criticized for not taking into account lessons learned from the implementation of the 2019 digital health applications (DiGAs) law.

In this International News article, McDermott Will & Emery partner Dr. Stephan Rau and McDermott alumna Dr. Karolin Hiller provide insight into the planned German regulations on DiGAs and digital care applications (DiPAs).

Access the article.




VIDEO: COVID-19 Vaccination and Five Key Considerations for Healthcare Employers

The question of whether or not to make vaccinations mandatory for workers is being considered by employers globally, particularly those in the healthcare sector. In this video, McDermott Will & Emery partner Carole A. Spink outlines some of the most common employer-related vaccine questions, including incentives and data privacy concerns. Spink and McDermott partner Paul McGrath recently also wrote for McDermott’s International News about this topic.

Access the article.




VIDEO: Transfers of Health Data from the European Union to the United States in a Post-Schrems II World

In this video, McDermott Will & Emery partner Amy C. Pimentel explains the significance of health data transfers from the European Union to the United States in a post-Schrems II world. The recent Schrems II ruling invalidated the EU-US Privacy Shield, holding that the US legal regime on access to personal data does not contain adequate limitations and safeguards. Pimentel and McDermott’s Romain Perray recently also wrote for McDermott’s International News about this topic.

Access the article.




EBSA Privacy and Cybersecurity Guidance

Andrew C. Liazos, partner at McDermott Will & Emery, recently moderated an American Bar Association panel on the new cybersecurity guidance for retirement plan sponsors issued by the Department of Labor (DOL). The panel slides included 10 takeaways for the new DOL guidance.

Access the slides.

As a background, the DOL’s new guidance formalized its long-held view that retirement plan fiduciaries have an obligation to ensure proper mitigation of cybersecurity risks. More specifically, the DOL expects retirement plan fiduciaries to select and monitor the cybersecurity practices of their service providers.

The DOL guidance is in three parts.

  • The first part provides plan fiduciaries with a framework for reviewing a vendor’s cybersecurity practices.
  • The second part provides a robust list of cybersecurity “best practices” for record keepers and other vendors responsible for plan-related IT systems and data. For example, the DOL recommends that all retirement plan vendors with critical participant data conduct a reliable annual third-party audit of their security controls.
  • The third part provides security tips for participants and beneficiaries who manage their retirement accounts online.



OSHA Releases Guidance for Employers Considering Vaccine Requirements

Recently, the Occupational Safety and Health Administration (OSHA) released three new FAQs for employers who recommend or require employees to receive COVID-19 vaccines. OSHA is responsible for enforcing workplace safety standards across the US.

McDermott previously reported that employers can require employees to be vaccinated as a condition of employment, though employers should consider several factors before making the decision to require employee vaccinations. The new OSHA guidance highlights additional considerations when requiring employee vaccinations.

Access the article.




American Rescue Plan Act of 2021: Key Healthcare Provisions

On March 10, 2021, US Congress finalized and passed the American Rescue Plan of 2021 (ARPA), the latest COVID-19 relief package that largely tracks President Joe Biden’s initial $1.9 trillion proposal. The ARPA extends unemployment insurance benefits and provides direct $1,400 stimulus payments to qualifying Americans, but it also makes several important health policy-related changes. These include providing funding for vaccine distribution and testing to combat the COVID-19 pandemic, making policy adjustments to the Medicaid program, facilitating health insurance coverage and providing more money for healthcare providers. The final bill also makes two narrowly focused technical Medicare payment changes.

This summary highlights notable health policy provisions of the final bill.

Access the summary.

For more information, please contact Meg Gilley, Mara McDermott, Kristen O’Brien, Katie Waldo, Rodney Whitlock or Eric Zimmerman.




COVID-19 Relief Bill Offers COBRA Reform and Temporarily Increases DCAP Maximum

On March 11, 2021, President Joe Biden signed the American Rescue Plan Act of 2021 (ARPA) providing Consolidated Omnibus Budget Reconciliation Act (COBRA) reform provisions and an increase in Dependent Care Assistance Program (DCAP) maximum deferrals. While details from the agencies are forthcoming, here is an overview of these provisions of the ARPA.

Access the article.




STAY CONNECTED

TOPICS

ARCHIVES