Tag Archives for " health "

Alphabet’s Verily Plans to Use Big Data for Health Insurance

Verily, the Alphabet Inc. life sciences unit that’s previously targeted mosquito-borne illness and launched Covid-19 testing programs, is getting into the health insurance business.

The company announced a new subsidiary named Coefficient Insurance that will also be backed by Swiss Re Corporate Solutions, the commercial insurance unit of Swiss Re Group. The company will sell stop-loss insurance, a type that helps cover unexpectedly large claims against employers who self-fund their health-benefit policies.

Source: Alphabet’s Verily Plans to Use Big Data for Health Insurance (1)

Germany Prepares New Law for Patient Data Protection

On 3 July 2020, the German parliament passed a draft bill for patient data protection and for more digitalisation in the German healthcare system (Patientendaten-Schutz-Gesetz). The draft bill is currently in the legislative procedure and is expected to enter into force in autumn 2020.

One of the main objectives of the bill is to make everyday life easier for patients and healthcare professionals by increasing use of innovative digital applications, while protecting sensitive health data.

Source: Germany Prepares New Law for Patient Data Protection and Increased Digitalisation in Healthcare and for “Data Donations” for Research Purposes

HSE will no longer tell employers workers’ test results

The Health Service Executive has said it is to suspend the practice of informing employers of Covid-19 test results and is to seek guidance from the Data Protection Commissioner (DPC).

In some cases, the results were sent to employers who informed workers before the HSE. The DPC has said this is not legitimate.

In view of the concerns raised by some employees in relation to this issue, the HSE will reconsider the use of exceptions and has suspended the practice while it seeks guidance from the Data Protection Commissioner.

Source: HSE will no longer tell employers workers’ test results

UK racing to improve contact-tracing app’s privacy safeguards

NHS officials are racing to introduce greater privacy safeguards for the contact-tracing app at the centre of the government’s lockdown exit strategy amid mounting concern from security experts, MPs and users.

It plans to complete the appointment of an ethics board to improve oversight and publish the software source code in the next month, and has not ruled out “a sunset clause”, agreeing to delete all data collected once the country returns to normal.

Source: UK racing to improve contact-tracing app’s privacy safeguards | Technology | The Guardian

German Federal Agencies Publish Privacy and IT Security Requirements for Digital Health Applications

On April 21, 2020, the Regulation on the Requirements and Reimbursement Process for Digital Health Applications (DiGAV) entered into force in Germany.

Among other provisions, the DiGAV includes specific IT security and privacy requirements. Shortly after the law took effect, Germany’s Federal Medicines and Medical Devices Agency (“BfArM”) also released an extensive explanatory Guidance to the DiGAV.

While the scope of application of the DiGAV and the BSI draft guidance may be limited, the documents can serve to provide useful insights and benchmarks for health applications generally.

Full article: German Federal Agencies Publish Privacy and IT Security Requirements for Digital Health Applications

EDPB adopts further COVID-19 guidance

During its 23rd plenary session, the EDPB adopted guidelines on the processing of health data for research purposes in the context of the COVID-19 outbreak and guidelines on geolocation and other tracing tools in the context of the COVID-19 outbreak.

The guidelines on the processing of health data for research purposes in the context of the COVID-19 outbreak aim to shed light on the most urgent legal questions concerning the use of health data, such as the legal basis of processing, further processing of health data for the purpose of scientific research, the implementation of adequate safeguards and the exercise of data subject rights.

The guidelines on geolocation and other tracing tools in the context of the COVID-19 outbreak aim to clarify the conditions and principles for the proportionate use of location data and contact tracing tools, for two specific purposes:
1.    using location data to support the response to the pandemic by modelling the spread of the virus in order to assess the overall effectiveness of confinement measures;
2.    using contact tracing, which aims to notify individuals who may have been in close proximity to someone who is eventually confirmed as a carrier of the virus, in order to break the contamination chains as early as possible.

Source: European Data Protection Board – Twenty-third Plenary session: EDPB adopts further COVID-19 guidance | European Data Protection Board

UK government using confidential patient data in coronavirus response

Technology firms are processing large volumes of confidential UK patient information in a data-mining operation that is part of the government’s response to the coronavirus outbreak, according to documents seen by the Guardian.

While anonymised, confidential information in the Covid-19 datastore may include people’s gender, postcode, symptoms, the mechanism through which any prescription was dispatched to them, and the precise time they ended the call.

Source: UK government using confidential patient data in coronavirus response

EU DPAs Issue Green and Red Lights for Processing Health Data During the COVID-19 Epidemic

As Europe is grappling with an exponential increase in COVID-19 cases, some European Data Protection Authorities issued public interest guidance on the limits of collecting, sharing and using personal data relating to health in these exceptional circumstances.

Particular areas of concern are related to the breadth of measures that employers can legally take to monitor the health of their employees, as well as the collection of health data by government agencies. Overall, regulators highlight that data protection law is by no means a barrier to public health, but advise organizations against “systematic and generalized” monitoring and collection of data related to health of their employees outside official requests and measures of public health authorities.

Source: EU DPAs Issue Green and Red Lights for Processing Health Data During the COVID-19 Epidemic

Healthcare data hacking could lead to identity thefts

When a healthcare company is hacked, criminals gain access not only to health information, but also to demographic and financial data that could compromise patients’ privacy and financial security, researchers from Michigan State and Johns Hopkins report.

Theft of medical data may not affect patients much because there isn’t a big market for it, said the study’s lead author, Xuefeng Jiang, a professor of accounting and information systems at the Eli Broad College of Business at Michigan State University.

Full article: Healthcare data hacking could lead to identity thefts – Reuters

EDPB and the EDPS consider the European Commission to be a processor of patient data in the eHealth Digital Service Infrastructure

On July 12, 2019, the European Data Protection Board (EDPB) and the European Data Protection Supervisor (EDPS) issued a joint opinion on the processing of patient data and the role of the European Commission within the eHealth Digital Service Infrastructure (eHDSI).

The eHDSI system was established in the context of the eHealth Network and allows for the exchange of electronic health data of patients between Member States. The opinion confirms that Member States act as “joint controllers” and the European Commission acts as a processor in the processing of patient data within the eHDSI.

Full article: The European Data Protection Board and the European Data Protection Supervisor consider the European Commission to be a processor of patient data in the eHealth Digital Service Infrastructure
