Life Sciences Privacy & Cybersecurity

Experience

Advise hospital on data access arrangement that allows safe patient information sharing

We worked with a hospital to build a data access arrangement that enabled them to share data between coding staff and off-site providers. We worked with the client to help structure the agreements to ensure protected and sensitive health care records and information are properly protected, as well as to build policies to ensure controls are in place.

Cyber Security Defense Verdict In FTC Administrative Action

Successfully defended LabMD at trial before the FTC Chief Administrative Law Judge. LabMD is the medical laboratory whose data security policies, practices and procedures allegedly violated section 5 of the FTC Act. After a lengthy trial the Administrative Law Judge dismissed the complaint. This is a landmark case because it is the first instance in which the FTC has prosecuted a HIPAA “Covered Entity” for violation of consumer privacy without being joined by HHS. It is also the first instance in which the FTC has been forced to take a case to trial involving data security and privacy. Thus this case established the adjudicatory framework for FTC cyber security administrative trials including the standard of proof and elements required to prove section 5 consumer harm in a cyber security case.