Data is one of the most valuable assets in today’s economy. In the health care industry, the volume of “health data”—which includes patients’ health, personal, and financial information—has been growing rapidly.

That growth is being driven by major advances in the production and collection of health data; the wider adoption of novel technologies; the demand for personalized, high-quality care; and the need for health data analyses. Using health data to reduce costs, improve the efficiency of operations, or enhance the quality and safety of patient care has become an escalating priority for health care organizations and industry stakeholders.

Both data acquisition and data governance are also growing in importance in human resource organizations in many industries. Employers are gathering data from employees (and consumers) at a rapid rate. Personal data, biometric data, performance management, and employee engagement inputs provide great opportunities to help companies manage their workforces, and the urge to use the data grows every day. Policies and procedures to protect and determine the appropriate use of data must keep pace with the newest technologies and methods. One mistake can lead to a breach, litigation, or damaged reputation in the marketplace.

Epstein Becker Green’s Privacy, Cybersecurity & Data Asset Management Group has substantial experience advising human resource clients, clinical laboratories, payors, technology and digital health companies, physician practices, and health care systems with issues of data governance (i.e., the management of the availability, usability, integrity, and security of data) to meet compliance standards while improving cost and efficiency.

Data Analytics & Data Sharing

The use of “data analytics” (which focuses on examining large data sets to gather useful information to help organizations make more educated business decisions) holds great promise to inform health care stakeholders about the quality and cost of a patient’s treatment journey. However, legal issues could prove to be a significant impediment. For instance, identifiable health data is typically treated as a sensitive class of information warranting protection. Depending on how the identifiable health data is being collected, health care stakeholders may be subject to a wide array of legal obligations under the laws and regulations governing the use and disclosure of that data. Also, obligations under upstream and downstream agreements could affect rights to collect, use, or disclose the data through the chain of custody.

In addition, predictive analytics are now commonplace in human resources across industries. Who will be the best candidate to hire or promote? Who will succeed in your company? Who is most likely to leave and go to a competitor? These are all important questions—some of which might be answered by predictive data analysis. However, these inquiries must be crafted carefully with legal guidance to prevent biased or discriminatory outcomes. Legally defensible outcomes may be unwittingly sacrificed to the latest technology fad unless they are tested and validated. This is both an exciting and potentially dangerous time for human resource management.

Our Privacy, Cybersecurity & Data Asset Management Group has the knowledge and experience necessary to effectively guide employers through the laws and regulations affecting data analytics, predictive analytics, and data sharing—including the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the Federal Policy for the Protection of Human Subjects (also known as the “Common Rule”), the European Union’s General Data Protection Regulation (GDPR), 42 C.F.R. Part 2, emerging state data protection and breach laws and regulations, Food and Drug Administration (FDA) regulations, and/or Federal Trade Commission regulations—and to ensure that proper contractual protections relating to data collection, aggregation, use, and disclosure are in place.

Precision Medicine: A Case in Point

Precision medicine—a dynamic approach to the diagnosis, treatment, and prevention of disease that takes into consideration individual genetic variation, environment, and lifestyle—uses patient data (existing or created) to design patient-focused diagnoses and treatment plans. This new level of health care can only be achieved through the use of big data and the continual development of more sophisticated bioinformatics and artificial intelligence. Collaborations between laboratories and diagnostics developers working in the precision medicine area are becoming more common as companies explore innovative business models to speed development and share risks and rewards. But governmental oversight is also common, especially FDA oversight of medical devices, laboratory developed tests (LDTs), and Clinical Laboratory Improvement Amendments (CLIAs).

Epstein Becker Green’s Privacy, Cybersecurity & Data Asset Management Group is comprised of attorneys with training and experience in many of the areas related to precision medicine, including genetics, public health, neuroscience, chemistry, clinical trials monitoring, Institutional Review Board (IRB) oversight, bioinformatics, next-generation sequencing testing, and human subjects’ protection regulations, as well as with all relevant FDA laws, regulations, and guidance.

Our Services

Members of the Privacy, Cybersecurity & Data Asset Management Group regularly provide clients with a full range of services relating to data governance, which includes, but is not limited to:

  • Providing workforce management policies and training designed to protect organizations from loss of proprietary, competitive business information
  • Advising on the international, federal, and state laws and regulations concerning data privacy, security, and breaches
  • Reviewing vendor and contractor relationships and agreements for key protections
  • Assisting clients with responses to government audits/investigations or private litigation
  • Negotiating and drafting contracts with purchasers, sponsors, providers, contract sites, and principal investigators
  • Reviewing and revising master services agreements, data use agreements, business associate agreements, data sharing agreements, confidentiality/nondisclosure agreements, and terms of use/privacy policies (and other representations made to consumers)
  • Counseling clients using data analytics on developing mechanisms to obtain appropriate data rights and safeguard all sensitive information they receive
  • Advising clients on patient privacy and security laws and rules at the federal and state levels
  • Advising clients on human research and privacy rules at the federal and state levels
  • Advising clients on FDA laws, regulations, and data integrity guidance; the Common Rule; the GDPR; and CLIA oversight as applied to medical devices and LDTs
  • Drafting IRB protocol and patient release and informed consent forms
  • Counseling clients on business arrangements to offer profit sharing from intellectual property created due to participants’ samples and data
  • Representing clients during EHR Incentive Program audits by the Centers for Medicare & Medicaid Services
  • Researching the regulatory environment surrounding bioinformatics
