Internet of Medical Things Resilience Partnership Act of 2017

A new bill called the “Internet of Medical Things Resilience Partnership Act of 2017,” H.R. 3985, was recently introduced in the House of Representatives. If passed as drafted, the bill will establish a working group of public and private entities led by the Food and Drug Administration (FDA) and National Institute of Standards and Technology (NIST) to recommend voluntary frameworks and guidelines to increase the security and resilience of Internet of Medical Things devices. Specifically, the working group will develop “recommendations for voluntary frameworks and guidelines to increase the security and resilience of networked medical devices sold in the U.S. that store, receive, access or transmit information to an external recipient or system for which unauthorized access, modification, misuse, or denial of use may result in patient harm.”

Anthem Settles Data Breach Class Action

Anthem, Inc., the nation’s largest health insurance company, has agreed to settle the class action litigation arising from its 2015 data breach for $115 million, eclipsing the amount of any previous data breach settlement. The lawsuit, filed in federal court in California, had survived two motions to dismiss. After extensive discovery, plaintiffs moved for class certification on March 10, 2017. …

Health Data

Task Force Issues Report on Health Care Industry Cybersecurity Challenges and Recommendations

On Monday, June 5, the Health Care Industry Cybersecurity Task Force (the “HCIC Task Force”) issued its Report on Improving Cybersecurity in the Health Care Industry to Congress. The report highlighted that health care cybersecurity is a “key public health concern that needs immediate and aggressive attention.”

In the report, the HCIC Task Force identified six “imperatives” that must be achieved to increase security within the health care industry.

Cybersecurity Risks in Connected Cars

Cars rolling off the assembly line today have many automated safety features and connectivity solutions, including lane departure warnings, automatic braking and limited self-driving, and other computerized control systems that were not present even a few short years ago. A recent report shows that over 40% of drivers admit that they do not understand how to use all of the technology in new vehicles. …

Health Data

New York Attorney General Announces Settlements with Three Healthcare App Developers

Application developers have incredible access to consumers. Along with that access comes the potential for greater government scrutiny. In late March, that reality was reflected in three settlements reached by the Attorney General of New York State with three mobile health application developers that made what were described as “misleading claims and irresponsible privacy practices.”

U.S. Congress Votes to Repeal Regulations on Broadband Privacy Rules

Congress has voted to repeal the Broadband Privacy Rules put in place by the Obama Administration that placed privacy restrictions on internet providers. While the Senate approved the repeal last week, the House voted 215-205 on Tuesday, March 28 in favor of repealing, sounding the death knell for the regulations before they even went into effect.

Court Finds Merit in Whistleblower Exception to Confidentiality Agreements

In Erhart v. BofI Holding, Inc., et al., No. 15-cv-02287-BAS-NLS (Feb. 14, 2017), the United States District Court for the Southern District of California held that enforcing a confidentiality agreement between an employee and employer would violate public policy where an employee appropriated company documents while purportedly acting as a whistleblower. The case is notable because the decision, in essence, sanctioned an employee’s appropriation of information, including consumer personal information, as a “whistleblower.” The decision also held that violation of an employer’s confidentiality agreement could be excused if the violation were committed for “whistleblower” purposes. …