Overview
Data is currently one of the most valuable assets in today’s economy. For example, in the health care industry, the volume of “health data”—which includes patient’s health, personal, and financial information—has been increasing by more than 45 percent per year.
That growth is being driven by major advances in the production and collection of health data; the wider adoption of novel technologies; the demand for personalized, high-quality care; and the need for health data analyses. Using health data to reduce costs, improve the efficiency of operations, or enhance the quality and safety of patient care has become an escalating priority for health care organizations and industry stakeholders.
Both data acquisition and data governance are also growing in importance in human resource organizations. Employers are gathering data from employees (and consumers) at a rapid rate. Personal data, biometric data, performance management, and employee engagement inputs provide great opportunities to help companies manage their workforces, and the urge to use the data grows every day. Policies and procedures to protect and determine the appropriate use of data must keep pace with the newest technologies and methods. One mistake can lead to a breach, litigation, or damaged reputation in the marketplace.
Epstein Becker Green’s Privacy, Cybersecurity, and Data Asset Management Group has substantial experience advising human resource clients, clinical laboratories, payors, technology and digital health companies, physician practices, and health care systems with issues of data governance (i.e., the management of the availability, usability, integrity, and security of data) to meet compliance standards while improving cost and efficiency.
Data Analytics & Data Sharing
The use of “data analytics” (which focuses on examining large data sets to gather useful information to help organizations make more educated business decisions) holds great promise to inform health care stakeholders about the quality and cost of a patient’s treatment journey. However, legal issues could prove to be a significant impediment. For instance, identifiable health data is typically treated as a sensitive class of information warranting protection. Depending on how the identifiable health data is being collected, health care stakeholders may be subject to a wide array of legal obligations under the laws and regulations governing the use and disclosure of that data. Also, obligations under upstream and downstream agreements could affect rights to collect, use, or disclose the data through the chain of custody.
In addition, predictive analytics are now commonplace in human resources. Who will be the best candidate to hire or promote? Who will succeed in your company? Who is most likely to leave and go to a competitor? These are all important questions—some of which might be answered by predictive data analysis. However, these inquiries must be crafted carefully with legal guidance to prevent biased or discriminatory outcomes. Legally defensible outcomes may be unwittingly sacrificed to the latest technology fad unless they are tested and validated. This is both an exciting and potentially dangerous time for human resource management.
Our Privacy, Cybersecurity, and Data Asset Management Group has the knowledge and experience necessary to effectively guide employers through the laws and regulations affecting data analytics, predictive analytics, and data sharing—including the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the Federal Policy for the Protection of Human Subjects (also known as the “Common Rule”), the European Union’s General Data Protection Regulation (GDPR), 42 C.F.R. Part 2, emerging state data protection and breach laws and regulations, Food and Drug Administration (FDA) regulations, and/or Federal Trade Commission regulations—and to ensure that proper contractual protections relating to data collection, aggregation, use, and disclosure are in place.
Precision Medicine: A Case in Point
Precision medicine—a dynamic approach to the diagnosis, treatment, and prevention of disease that takes into consideration individual genetic variation, environment, and lifestyle—uses patient data (existing or created) to design patient-focused diagnoses and treatment plans. This new level of health care can only be achieved through the use of big data and the continual development of more sophisticated bioinformatics and artificial intelligence. Collaborations between laboratories and diagnostics developers working in the precision medicine area are becoming more common as companies explore innovative business models to speed development and share risks and rewards. But governmental oversight is also common, especially FDA oversight of medical devices, laboratory developed tests (LDTs), and Clinical Laboratory Improvement Amendments (CLIAs).
Epstein Becker Green’s Privacy, Cybersecurity, and Data Asset Management Group is comprised of attorneys with training and experience in many of the areas related to precision medicine, including genetics, public health, neuroscience, chemistry, clinical trials monitoring, Institutional Review Board (IRB) oversight, bioinformatics, next-generation sequencing testing, and human subjects’ protection regulations, as well as with all relevant FDA laws, regulations, and guidance.
Our Services
Members of the Privacy, Cybersecurity, and Data Asset Management Group regularly provide clients with a full range of services relating to data governance, which includes, but is not limited to:
- Providing workforce management policies and training designed to protect organizations from loss of proprietary, competitive business information
- Advising on the international, federal, and state laws and regulations concerning data privacy, security, and breaches
- Reviewing vendor and contractor relationships and agreements for key protections
- Assisting clients with responses to government audits/investigations or private litigation
- Negotiating and drafting contracts with purchasers, sponsors, providers, contract sites, and principal investigators
- Reviewing and revising master services agreements, data use agreements, business associate agreements, data sharing agreements, confidentiality/nondisclosure agreements, and terms of use/privacy policies (and other representations made to consumers)
- Counseling clients using data analytics on developing mechanisms to obtain appropriate data rights and safeguard all sensitive information they receive
- Advising clients on patient privacy and security laws and rules at the federal and state levels
- Advising clients on human research and privacy rules at the federal and state levels
- Advising clients on FDA laws, regulations, and data integrity guidance; the Common Rule; the GDPR; and CLIA oversight as applied to medical devices and LDTs
- Drafting IRB protocol and patient release and informed consent forms
- Counseling clients on business arrangements to offer profit sharing from intellectual property created due to participants’ samples and data
- Representing clients during EHR Incentive Program audits by the Centers for Medicare & Medicaid Services
- Researching the regulatory environment surrounding bioinformatics
Read less
Focus Areas
Experience
Contacts
Member of the Firm
Member of the Firm
General Counsel / Chief Privacy Officer
Media
Events
Past Events
- April 13, 2022
Insights
Insights
- Blogs
Privacy Officer's Roadmap: Data Breach and Ransomware Defense – Speaking of Litigation Video Podcast
42 minute read - Media CoverageAlaap Shah Quoted in “Don’t Worry, You (Probably) Won’t Have to Deal with ONC: Algorithm Transparency Rule May Have ...2 minute read
- BlogsVideo: California's Upcoming Cyber Audit and Automated Tech Rules - Employment Law This Week2 minute read
- Media CoverageAlaap Shah Quoted in “2024 Outlook: The Cybersecurity Trends Health System Leaders Need to Know”3 minute read
- PublicationsUSA: Future of Cybersecurity Law and Regulation2 minute read
- Media CoverageAlaap Shah Featured in “You Gotta Get the Data Right! Talking EMPI”2 minute read
- Media CoverageBrian Cesaratto Quoted in “Best Practices for Detecting and Managing Fraud”3 minute read
- PublicationsWomen's Network—Health Apps for Women: Life Solutions v. Data Risks2 minute read
- PublicationsSocial Equity in the Data Era: A Systematic Literature Review of Data-Driven Public Service Research2 minute read
- PublicationsTwitter Whistleblower Claim Is Cautionary Tale for Employers2 minute read
- PublicationsUSA: Employee Monitoring and Regulatory Frameworks for Keylogging Technology2 minute read
- Media Coverage
Alaap Shah Featured in AHLA Connections Magazine: Member Spotlight
3 minute read - PublicationsUSA: Security Considerations for VPNs2 minute read
- PublicationsUSA: Privacy and Cybersecurity Considerations for Contactless Payment Solutions4 minute read
- Media CoverageRobert Travisano Quoted in “Businesses Face Growing Risk of Cyberattacks, Financial Loss”2 minute read
- Firm Announcements
Epstein Becker Green’s Brian Cesaratto and Francesco DeLuca Named 2022 BTI Client Service All-Stars
3 minute read - PublicationsDOJ’s Civil Cyber-Fraud Initiative: What Contractors Need to Know About Novel Use of False Claims Act3 minute read
- PublicationsSenior Industry Leaders Need to Learn About AI3 minute read
- Media CoverageThe Ransomware Plague Continues, but the Response Model Is Changing2 minute read
- PublicationsHealth Cos. Must Prepare for Growing Ransomware Threat2 minute read
- PublicationsDesigning a Trusted Framework for the Application of AI in Health Care2 minute read