Protected Health Information

The Spanish AEPD has published guidelines on patient health data protection.

The guidelines track the requirements of GDPR as applicable to patient data including the obligation to provide adequate disclosure under Article 12 and data subject rights.

Key Takeaways

  • In the field of health care the right to suppression of clinical history data is very

“New York Gov. Andrew Cuomo recently signed legislation that will effectively prohibit ambulance and first response service providers from disclosing or selling patient data to third parties for marketing purposes.

The bill was signed into law on October 7. The new law bans the sale of patient data, or individually identifying information to third parties,

Research institutions should aim to have proper consent practices that maximize their ability to collect and use patient information.

“Most patients would donate their health data and biospecimens for biomedical research, but few are willing to share everything, and institutions’ current consent practices don’t accommodate this, a study found.”

“The findings indicate more research institutions

A study shows that “92 percent of 36 mental health apps shared data with at least one third party — mostly services that help with marketing, advertising, or data analytics.”

“About half of those apps did not disclose that third-party data sharing, for a few different reasons: nine apps didn’t have a privacy policy at

“Where the sponsor processes personal data of data subjects in the EU, including in the context of managing the clinical trial, GDPR is fully applicable, including the obligation to designate a representative in the EU.”

The European Commission has updated FAQs on the interplay between the forthcoming Clinical Trials Regulation (CTR) and GDPR.

Key Takeaways:

Data subject access rights and your medical practice.

The UK Information Commissioner’s Office (ICO) issues advice.

Medical practices have reported a significant rise in subject access requests (SARs) since the GDPR came into effect in May last year, which is a similar trend in other sectors.

  • General Practicioners (GPs) cannot query the reason for requesting

Registration for the Privacy Summit is open.

Fox Rothschild’s Minneapolis Privacy Summit on November 8 will explore key cybersecurity issues and compliance questions facing company decision-makers. This free event will feature an impressive array of panelists drawn from cybersecurity leaders in major industries, experienced regulatory and compliance professionals and the Chief

Elizabeth Litten (Fox Rothschild Partner and HIPAA Privacy & Security Officer) and Mark McCreary (Fox Rothschild Partner and Chief Privacy Officer) will be presenting at the New Jersey Chapter of the Healthcare Financial Management Association on August 30, 2017, from 12:00-1:00 pm eastern time. The presentation is titled: “Can’t Touch That: Best Practices for Health Care Workforce Training on Data Security and Information Privacy.”
Continue Reading

Eric Bixler has posted on the Fox Rothschild Physician Law Blog an excellent summary of the changes coming to Medicare cards as a result of the Medicare Access and CHIP Reauthorization Act of 2015. Briefly, Centers for Medicare and Medicaid Services must remove Social Security Numbers from all Medicare cards. Therefore, starting April 1, 2018, CMS will begin mailing new cards with a randomly assigned Medicare Beneficiary Identifier to replace the existing use of SSNs.
Continue Reading

In one of the best examples we have ever seen that it pays to be HIPAA compliant (and can cost A LOT when you are not), the U.S. Department of Health and Human Services, Office for Civil Rights, issued the following press release about the above settlement. This is worth a quick read and some soul searching if your company has not been meeting its HIPAA requirements.
Continue Reading