TRENDING:

Governance & Risk Management , Privacy

2016 Health Data Privacy Regulatory Outlook

Attorney Kirk Nahra Discusses Proposed Common Rule Changes, Other Initiatives Marianne Kolbasuk McGee (HealthInfoSec) • January 12, 2016     20 Minutes   
2016 Health Data Privacy Regulatory Outlook
Attorney Kirk Nahra of Wiley Rein LLP

In 2016, the healthcare sector faces a variety of complex legislative and regulatory issues, especially those tied to patient privacy, says attorney Kirk Nahra.

For instance, proposed modifications to the decades-old Common Rule, the primary regulation covering federally funded research, could affect privacy guidance, he says in an interview with Information Security Media Group.

The theme of the proposed Common Rule changes, Nahra says, is "where we can streamline or eliminate regulatory burdens of the Common Rule in situations where there are not [privacy] concerns for patients, we're going to try to take those steps," he says. Although the proposed changes primarily impact researchers, the modifications also potentially affect the analytics that organizations perform on their own data, he says.

"It's going to have a big impact on the kinds of activities that go on ... with data-related research, where there are appropriate privacy and security protections in place," the attorney notes.

Conflicting Measures?

In a related regulatory effort, the healthcare sector could also potentially face HIPAA Privacy Rule changes if the 21st Century Cures bill, which was passed by the House last year, is approved by the Senate and signed into law by President Obama.

That pending legislation, which aims to advance medical research and innovation, contains provisions that would alter HIPAA by eliminating the need for patient authorization for the use or disclosure of their protected health information for research purposes if HIPAA covered entities or business associates are involved.

The privacy provisions in the 21st Century Cures bill, as currently written, could be in conflict with the proposed Common Rule changes, Nahra notes. "I'm optimistic if this bill makes its way through the Senate, the Senate will actually clean up a lot of these privacy provisions," he says.

In the interview (see audio link below photo), Nahra also discusses:

  • The likely impact on healthcare organizations of the Cybersecurity Act of 2015, which aims to improve cyberthreat information sharing;
  • Evolving regulatory concerns related to the security and privacy of big data;
  • Whether the HIPAA Security Rule needs to be updated to keep up with advancing technology and evolving cyberthreats.

As a partner at the law firm Wiley Rein LLP, Nahra specializes in privacy and information security issues, as well as other healthcare, insurance fraud and compliance issues. He's a former member of the board of directors of the International Association of Privacy Professionals and was co-chair of the Confidentiality, Privacy and Security Workgroup, a former panel of government and private-sector privacy and security experts advising the American Health Information Community.

Previous
Mitigating the Accidental Insider Threat
Next
Fighting the Mobile Malware Hydra



Around the Network

Evolving Threats Facing Robotic and Other Medical Gear
Evolving Threats Facing Robotic and Other Medical Gear
Identity Security and How to Reduce Risk During M&A
Identity Security and How to Reduce Risk During M&A
Properly Vetting AI Before It's Deployed in Healthcare
Properly Vetting AI Before It's Deployed in Healthcare
Protecting Medical Devices Against Future Cyberthreats
Protecting Medical Devices Against Future Cyberthreats
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
Medical Device Cyberthreat Modeling: Top Considerations
Medical Device Cyberthreat Modeling: Top Considerations
Transforming a Cyber Program in the Aftermath of an Attack
Transforming a Cyber Program in the Aftermath of an Attack
Is It Generative AI's Fault, or Do We Blame Human Beings?
Is It Generative AI's Fault, or Do We Blame Human Beings?
Safeguarding Critical OT and IoT Gear Used in Healthcare
Safeguarding Critical OT and IoT Gear Used in Healthcare
How 'Security by Default' Boosts Health Sector Cybersecurity
How 'Security by Default' Boosts Health Sector Cybersecurity

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.