Medical privacy

AmeriHealth HMO, Inc. And AmeriHealth Insurance Company Of New Jersey Provides Notice Of A Privacy Incident

Thursday, July 2, 2020 - 3:00pm

CRANBURY, N.J., July 2, 2020 /PRNewswire/ --AmeriHealth HMO, Inc. and AmeriHealth Insurance Company of New Jersey (collectively "AmeriHealth New Jersey") are providing notice to certain members of a recent incident involving protected health information.

Key Points: 
  • CRANBURY, N.J., July 2, 2020 /PRNewswire/ --AmeriHealth HMO, Inc. and AmeriHealth Insurance Company of New Jersey (collectively "AmeriHealth New Jersey") are providing notice to certain members of a recent incident involving protected health information.
  • On May 8, 2020, the AmeriHealth New Jersey Privacy Office was notified that certain member information may have been accessible for unauthorized viewing.
  • The investigation determined that certain AmeriHealth New Jersey members used the same password credentials for multiple websites.
  • Upon learning of this incident, AmeriHealth New Jersey quickly took steps to ensure the security of the member portal accounts involved.

Independence Blue Cross Provides Notice Of A Privacy Incident

Thursday, July 2, 2020 - 3:00pm

PHILADELPHIA, July 2, 2020 /PRNewswire/ --Independence Blue Cross, LLC ("Independence") is providing notice to certain members of a recent incident involving protected health information.

Key Points: 
  • PHILADELPHIA, July 2, 2020 /PRNewswire/ --Independence Blue Cross, LLC ("Independence") is providing notice to certain members of a recent incident involving protected health information.
  • On May 8, 2020, the Independence Blue Cross Privacy Office was notified that certain member information may have been accessible for unauthorized viewing.
  • The investigation determined that certain Independence members used the same password credentials for multiple websites.
  • Upon learning of this incident, Independence quickly took steps to ensure the security of the member portal accounts involved.

California Privacy Legislation: A Timeline of Key Events

Wednesday, July 1, 2020 - 9:00pm

Authors: Katelyn Ringrose (Christopher Wolf Diversity Law Fellow) and Jeremy Greenberg (Policy Counsel)

Key Points: 
  • Authors: Katelyn Ringrose (Christopher Wolf Diversity Law Fellow) and Jeremy Greenberg (Policy Counsel)

    Today, the California Attorney General will begin enforcing the California Consumer Privacy Act (CCPA).

  • The California AGs office may bring enforcement actions and seek penalties for violations of core provisions of the CCPA.
  • Below is a timeline of events regarding California privacy legislation from 2016 2020.
  • It would also establish a new Privacy Protection Agency in California to create additional regulations and to enforce the law.

FPF Webinar Explores the Future of Privacy-Preserving Machine Learning

Wednesday, July 1, 2020 - 9:00pm

On June 8, FPF hosted a webinar, Privacy Preserving Machine Learning: New Research on Data and Model Privacy.

Key Points: 
  • On June 8, FPF hosted a webinar, Privacy Preserving Machine Learning: New Research on Data and Model Privacy.
  • Co-hosted by the FPF Artificial Intelligence Working Group and the Applied Privacy Research Coordination Network, an NSF project run by FPF, the webinar explored how machine learning models as well as data fed into machine learning models can be secured through tools and techniques to manage the flow of data and models in the ML ecosystem.
  • The papers presented, summarized in the associated Privacy Scholarship Reporter, represent key strategies in the evolution of private and secure machine learning research.
  • Professor Shokri discussed data privacy issues in machine learning with a specific focus on indirect and unintentional risks such as may arise from metadata, data dependencies, and computations of data.
  • Dr. Salem and his co-authors explored how machine learning models can be attacked and prompted to give incorrect answers through both static and dynamic triggers.
  • Given the possibility that attacks against models could cause adverse outcomes, it seems likely to expect consensus that machine learning models need to be well protected.
  • Following all the presentations, the speakers joined FPF for a joint panel discussion about the general outlook for privacy preserving machine learning.
  • They concur that the future of privacy in machine learning will necessarily include both data protections and model protections and will need to go beyond a simple compliance-focused effort.

OAIC to enforce privacy safeguards in new Consumer Data Right

Wednesday, July 1, 2020 - 3:08pm

Australian Information Commissioner and Privacy Commissioner Angelene Falk said ensuring CDR providers understand and comply with the privacy safeguards is a key priority for the OAIC.

Key Points: 
  • Australian Information Commissioner and Privacy Commissioner Angelene Falk said ensuring CDR providers understand and comply with the privacy safeguards is a key priority for the OAIC.
  • The start of the Consumer Data Right in the banking sector today is an important step forward in giving consumers more choice and control over their data, Commissioner Falk said.
  • Commissioner Falk said the OAIC will assess and enforce compliance with the privacy safeguards and handle consumer complaints from individuals and small business.
  • A joint Compliance and Enforcement Policy outlines how the OAIC and ACCC will exercise their co-regulatory powers and encourage compliance with the Consumer Data Right Rules and legislation, including the Privacy Safeguards, and Consumer Data Standards developed by the Data Standards Body, CSIROs Data61.

Evidation Raises $45 Million Series D, Hires CCO To Accelerate Commercial Momentum and Expand Into Virtual Health

Wednesday, July 1, 2020 - 10:00am

Evidation Health today announced the close of $45 million in Series D funding to power the expansion of its privacy-first, direct-to-person research platform, Achievement, to include virtual health.

Key Points: 
  • Evidation Health today announced the close of $45 million in Series D funding to power the expansion of its privacy-first, direct-to-person research platform, Achievement, to include virtual health.
  • Sam Marwaha, Senior Partner at Boston Consulting Group and long-time advisor to Evidation, joins the company as Chief Commercial Officer.
  • The first of these new virtual health offerings is slated for release later this year.
  • Evidation has led the way in health measurement and has proven out the potential of person-generated health data.

Manatt and the Robert Wood Johnson Foundation Release Considerations for Developing a Consumer Health Data Privacy Framework

Tuesday, June 30, 2020 - 11:06pm

Manatt Health, the firms healthcare legal and consulting group, developed the white paper with the support of the Robert Wood Johnson Foundation to examine the gaps in existing health data privacy protections, the implications these gaps may have for consumers and healthcare industry stakeholders, and options for advancing a forward-looking data privacy framework.

Key Points: 
  • Manatt Health, the firms healthcare legal and consulting group, developed the white paper with the support of the Robert Wood Johnson Foundation to examine the gaps in existing health data privacy protections, the implications these gaps may have for consumers and healthcare industry stakeholders, and options for advancing a forward-looking data privacy framework.
  • However, as warned by health data privacy experts, the rapid increase in health data liquiditywhile beneficial to consumers, patients and marketplace competitionis also outpacing the development of regulatory safeguards to protect the public.
  • Given the increased attention placed on consumer privacy, the eHealth Initiative Foundation (eHI) and the Center for Democracy & Technology (CDT), in a separate project funded by the Robert Wood Johnson Foundation, are collaborating on an initiative entitled Building a Consumer Privacy Framework for Health Data.
  • For more than 45 years the Robert Wood Johnson Foundation has worked to improve health and health care.

Data Center Company Settles FTC Privacy Shield Case

Tuesday, June 30, 2020 - 10:01pm

The Privacy Shield framework allows participants to transfer data from European Union countries to the U.S. in compliance with EU law.

Key Points: 
  • The Privacy Shield framework allows participants to transfer data from European Union countries to the U.S. in compliance with EU law.
  • In a complaint filed in November 2019, the FTC alleged that, between January 2017 and October 2018, RagingWire claimed in its online privacy policy and marketing materials that the company participated in the Privacy Shield framework and complied with the programs requirements.
  • The proposed settlement also prohibits the company from misrepresenting its participation in the EU-U.S. Privacy Shield framework, any other privacy or data security program sponsored by the government, or any self-regulatory or standard-setting organization.
  • If its certification of participation in the Privacy Shield framework lapses in the future, the company also must continue to apply the Privacy Shield protections to personal information it collected while participating in the program, or return or delete the information.

Data Center Company Settles FTC Privacy Shield Case

Tuesday, June 30, 2020 - 10:01pm

The Privacy Shield framework allows participants to transfer data from European Union countries to the U.S. in compliance with EU law.

Key Points: 
  • The Privacy Shield framework allows participants to transfer data from European Union countries to the U.S. in compliance with EU law.
  • In a complaint filed in November 2019, the FTC alleged that, between January 2017 and October 2018, RagingWire claimed in its online privacy policy and marketing materials that the company participated in the Privacy Shield framework and complied with the programs requirements.
  • The proposed settlement also prohibits the company from misrepresenting its participation in the EU-U.S. Privacy Shield framework, any other privacy or data security program sponsored by the government, or any self-regulatory or standard-setting organization.
  • If its certification of participation in the Privacy Shield framework lapses in the future, the company also must continue to apply the Privacy Shield protections to personal information it collected while participating in the program, or return or delete the information.

FTC settlement focuses on those other Privacy Shield Framework requirements

Tuesday, June 30, 2020 - 10:00pm

FTC settlement focuses on those other Privacy Shield Framework requirements The FTCs administrative litigation against NTT Global Data Centers Americas, Inc., just ended with a proposed settlement and an important compliance message for companies that claim participation in the EU-U.S. Privacy Shield framework.

Key Points: 

FTC settlement focuses on those other Privacy Shield Framework requirements

    • The FTCs administrative litigation against NTT Global Data Centers Americas, Inc., just ended with a proposed settlement and an important compliance message for companies that claim participation in the EU-U.S. Privacy Shield framework.
    • Administered by the U.S. Department of Commerce, the Privacy Shield Framework enables companies to lawfully transfer consumer data from countries in the European Union to the United States.
    • Despite two warnings from the Commerce Department, NTT Global Data Centers didnt revise its privacy policy to change what it said about its Privacy Shield participation.
    • One Privacy Shield requirement is that participants annually verify through self-assessment or outside compliance review that what they say about their Privacy Shield practices are true.
    • Thus, Count 2 of the complaint alleged that the companys statements that it complied with Privacy Shield were false.
    • Once companies withdraw from Privacy Shield, what happens to the personal information they collected while they were participants?
    • Furthermore, for as long as it participates in Privacy Shield, NTT Global Data Centers must retain a third-party assessor and not rely on self-assessment to verify that its claims about its Privacy Shield practices are true.
    • Make sure your express or implied statements about Privacy Shield are based in fact and reflect the current status of your participation.
    • The FTC has brought close to 40 law enforcement actions against companies that allowed their certifications to lapse and yet continued to claim participation in Privacy Shield or similar programs.