Header graphic for print
HL Chronicle of Data Protection Privacy & Information Security News & Trends

Tag Archives: FDA

Posted in Health Privacy/HIPAA

New York Regulators Lead the Charge to Fill Health Data Protection Gaps Left by Federal Law

After a year-long investigation into mobile health apps claiming to be able to measure vital signs or health indicators through smartphone sensors, the New York Attorney General settled claims against three developers alleged to have engaged in “misleading” marketing claims and “irresponsible” privacy practices. Mobile health apps Cardiio and Runtastic claimed that their apps effectively and accurately measured heart rate after vigorous exercise using only a smartphone camera and sensors. The third, Matis, claimed that its app transformed a smartphone into a fetal heart monitor. Concerned that unregulated apps claiming to measure key vital signs and other health indicators may harm consumers if the apps provide inaccurate or misleading results, NY AG Eric Schneiderman brought enforcement actions against the trio of developers.

Posted in Cybersecurity & Data Breaches

Conference on Medical Device and Healthcare Cybersecurity Highlights New Challenges

The medical internet of things is coming. That was the common recognition of participants at a two-day public workshop on “Collaborative Approaches for Medical Device and Healthcare Cybersecurity” co-sponsored by the Food and Drug Administration, Department of Health and Human Services, and the Department of Homeland Security. The workshop comes during a busy month for medical device cybersecurity, with the FDA issuing final guidance earlier this month and DHS indicating that it is reviewing dozens of potential cybersecurity vulnerabilities in medical devices.

Posted in Cybersecurity & Data Breaches, Health Privacy/HIPAA

OCR and NIST Host Conference and Provide Insights on Safeguarding Health Information

Government officials emphasized the importance of risk analysis and risk management in safeguarding PHI at the Seventh Annual “Safeguarding Health Information: Building Assurance Through HIPAA Security” conference held from September 23–24, 2014, and co-hosted by the National Institute of Standards and Technology and the Department of Health and Human Services, Office for Civil Rights. The conference’s themes—which include risk analysis and risk management, information sharing, and upcoming OCR enforcement efforts—highlighted how HIPAA regulated entities should approach cybersecurity considerations and compliance with the HIPAA Security Rule.

Posted in Cybersecurity & Data Breaches

FDA Seeks Enhanced Cybersecurity Risk Management Efforts, Including Premarket Submission Requirements, for Medical Device Manufacturers and Hospitals

Drawing on the increasing use of wireless, Internet- and network-connected medical devices, the Food and Drug Administration issued a draft guidance document for comment on June 14, 2013, proposing that manufacturers of medical devices that contain software, firmware, or programmable logic, address cybersecurity risks in premarket submissions. The draft guidance represents the Agency’s most direct and recent effort to address the potential risks of compromised medical device functionality due to intentional or unintentional cyber-attacks. In conjunction with the draft guidance, FDA issued a safety communication on its website addressing not only medical device manufacturers, but hospitals, medical device user facilities, and health care IT and procurement staff, recommending that these facilities also take steps to ensure that safeguards are place to reduce the risks of medical device failures resulting from cybersecurity breaches, and report such failures.