Digital Health, Big Data, Cybersecurity, and Privacy – Four Key Takeaways from C&M’s Digital Health Strategies Conference

By Marisa E. Adelson on July 27, 2016

In late June, Crowell & Moring partnered with Accenture to host a comprehensive one-day conference on legal issues affecting the digital health landscape. The program covered a wide range of topics, some of which you can read more about via the following links: Developing Digital Health Platforms; the Health Care Economy’s Internet of Things; and New Payment Models and Data. More information on the June 23rd “Fostering Innovative Digital Health Strategies Conference” can be found on Crowell.com.

One session touched upon privacy and cybersecurity issues regarding the usage of products and data in the digital health realm. This panel was moderated by Fauzia Zaman-Malik, Accenture’s Global Legal Lead for Health Industry Offerings and North America Legal Lead for Health and Public Services Operating Group; and featured Evan Wolff, partner at Crowell & Moring; Cora Han, FTC senior attorney, Division of Privacy and Identity Protection; and Hilary Weckstein, chief privacy officer at Inovalon, Inc.

This panel focused on methods and benefits of de-identification, HIPAA requirements, the FTC’s role in regulating big data and digital health technologies, and data breach preparation and response.  Keep reading for four key takeaways from this session; the full panel session can also be accessed by video at this link.

  • Ensure proper de-identification. De-identification refers to removing certain personal data from information so that it can no longer be tied back to the individual source of that data. As a general matter, companies dealing with identifiable and de-identified data should limit who can access identifiable data to a small number of people in the organization and establish strict policies and processes around de-identification. This may include use of a steering committee for de-identification methods and data uses.
  • Policy is a moving target, but there is guidance. Because what constitutes health data is new and ever-expanding, such data has the potential to be used and shared in ways consumers cannot expect. Consumers want to share this information in certain contexts (e.g., disease communities) but not others (e.g., advertising, employment, insurance). The FTC’s guidance for mobile health app developers provides a great starting place for companies that want to know which laws may apply, and its big data report addresses how companies using such data can avoid inadvertently harming consumers.
  • Incident response requires a defined governance structure. Cybersecurity incident response is a shared responsibility among technical personnel, a Chief Information Security Officer, human resources, counsel responsible for cyber issues, and any other personnel necessary to answer questions and provide press statements and notifications. Development of an operational structure to ensure proper management and oversight in the event of an incident and to facilitate appropriate communication between responsible positions (including regular meetings) is critical.
  • Security is about risk mitigation. In the current climate, there are two types of companies: those that have been hacked and know it and those that have been hacked and don’t know it. Given the likelihood of a breach, it is critical for companies to identify their sensitive and regulated data and systems, to develop incident response plans (including a company-wide escalation process for various types of cyber events) and to conduct simulated exercises to test those plans well in advance of a breach.

Experienced legal counsel can help protect privacy of health information, develop compliance and risk management strategies, and deal with incident response. For more information, please contact the authors of this post or your regular Crowell & Moring contact.

Marisa E. Adelson

Marisa Adelson is an associate in Crowell & Moring’s San Francisco office, where she practices in the Health Care and Antitrust groups. In her health care practice, Marisa represents managed care payors and provides counseling on regulatory compliance. Marisa’s antitrust practice primarily involves complex antitrust recovery litigation. Marisa has an active pro bono practice and currently represents a client from South Asia seeking asylum in the United States.

  • Posted in:
    Health Care
  • Blog:
    Health Law
  • Organization:
    Crowell & Moring LLP