In a dramatic turn, the US Department of Health and Human Services (HHS) has announced that effective immediately, penalties for many HIPAA violations will be subject to substantially reduced limits. ...more
Innovation in the life sciences and health care industries is occurring at a dizzying pace. Five years ago, anti-PD-1 antibodies from Merck and BMS had yet to be approved, CAR-T therapies were still in small-scale clinical...more
3/18/2019 / Artificial Intelligence, Asia, Biologics, Biotechnology, Data Breach, Digital Health, Information Technology, Life Sciences, Pharmaceutical Industry, Prescription Drugs, Supply Chain
The Federal Trade Commission (“FTC”) issued notices on March 5 seeking public comment on proposed amendments to the regulations implementing the Gramm-Leach-Bliley Act (“GLBA”), commonly known as the Safeguards Rule and...more
3/14/2019 / Chief Information Security Officer (CISO), Data Management, Data Security, Federal Trade Commission (FTC), Financial Institutions, Gramm-Leach-Bliley Act, Incident Response Plans, Privacy Rule, Public Comment, Regulatory Agenda, Regulatory Standards, Risk Assessment, Rulemaking Process, Safeguards Rule, WISP
This is the eleventh installment in Hogan Lovells’ series on the California Consumer Privacy Act.
Much of the focus on the California Consumer Protection Act (“CCPA”) has been on the new rights that it affords California...more
Regulators provided key insights into enforcement trends and potential changes to HIPAA regulations at the 11th Annual “Safeguarding Health Information: Building Assurance Through HIPAA Security” conference in October...more
On October 18, 2018, FDA issued a long-awaited draft revision to its existing guidance "Content of Premarket Submissions for Management of Cybersecurity in Medical Devices" (premarket cybersecurity guidance). This coincided...more
Late last month, California Governor Jerry Brown signed the first US Internet of Things (IoT) cybersecurity legislation: Senate Bill 327 and Assembly Bill 1906. ...more
10/18/2018 / Connected Items, Cyber Attacks, Cybersecurity, Data Protection, Hackers, Information Technology, Internet of Things, Mobile Devices, New Legislation, Popular, Risk Management, Security Standards, State and Local Government
With the continued explosion of software and software-controlled medical devices, including the growing use of machine learning and artificial intelligence, the FDA (the Agency) Medical Device Safety Action Plan (the Plan)...more
4/26/2018 / Connected Items, Cybersecurity, Data Breach, Food and Drug Administration (FDA), Medical Devices, Patient Safety, Personal Data, Pharmaceutical Industry, Popular, Regulatory Standards, Risk Management
The FTC has approved the first-ever petition to reopen and modify a privacy-related consent order. The petition, filed by Sears Holdings Management Corporation, sought to amend the terms of Sears’ 2009 consent order (the...more
3/14/2018 / Brick-and-Mortar Stores, Consent Order, Customer Information, Data Collection, Data Privacy, Disclosure Requirements, Enforcement Actions, Federal Trade Commission (FTC), Mobile Apps, Retail Market, Retail Tracking, Retailers, Sears, Software
Connected medical devices deliver numerous benefits not available before, including improved monitoring of patient welfare and a wealth of vital data. But for all the advantages available through these devices, their...more
3/12/2018 / Best Practices, Connected Items, Cyber Attacks, Cybersecurity, Data Security, Federal Trade Commission (FTC), Food and Drug Administration (FDA), General Data Protection Regulation (GDPR), Hackers, Health Care Providers, Health Insurance Portability and Accountability Act (HIPAA), Internet of Things, Life Sciences, Medical Devices, Patient Safety, Personal Data, Pharmaceutical Industry, Popular, Regulatory Oversight, Risk Management, Security Risk Assessments, Training
Prompted by concern over the increase in the risks and frequency of data breach incidents and other cyber-attacks affecting public companies, the Securities and Exchange Commission recently published interpretive guidance to...more
3/6/2018 / Cyber Threats, Cybersecurity, Data Breach, Disclosure Requirements, Financial Statements, Insider Trading, Interpretive Rule, Non-Public Information, Publicly-Traded Companies, Regulation FD, Regulation S-K, Risk Management, Securities and Exchange Commission (SEC)
It’s been almost a year since the New York State Department of Financial Services (NYDFS) Cybersecurity Regulation (23 NYCRR Part 500) came into effect. Since that time, a series of key dates have marked the implementation of...more
2/28/2018 / Banking Sector, Chief Information Security Officer (CISO), Cybersecurity, Cybersecurity Framework, Data Protection, Financial Institutions, Financial Services Industry, Information Technology, Insurance Industry, NYDFS, Popular, Risk Assessment, Risk Management, Vulnerability Assessments
On September 6, 2017, the Food and Drug Administration (FDA or the Agency) released its final guidance document, Design Considerations and Pre-Market Submission Recommendations for Interoperable Medical Devices (Final...more
On 1 August 2017, a bipartisan group of four U.S. senators (Steve Daines (R-MT), Cory Gardner (R-CO), Mark Warner (D-VA), and Ron Wyden (D-OR)) introduced the Internet of Things (IoT) Cybersecurity Improvement Act of 2017....more
8/24/2017 / Connected Items, Cybersecurity, Data Protection, Federal Contractors, Internet of Things, NIST, NTIA, OEM, Popular, Proposed Legislation, Risk Management
On August 1, a bipartisan group of four senators introduced a bill that would impose specific cybersecurity requirements on providers of Internet of Things (IoT) devices when doing business with the U.S. Government and...more
8/3/2017 / Computer Fraud and Abuse Act (CFAA), Connected Items, Cybersecurity, Data Protection, Information Technology, Internet of Things, Proposed Legislation, Risk Management, Vendors, Vulnerability Assessments, Wireless Devices
Earlier this year, the National Association of Corporate Directors (NACD) released an updated version of its Director’s Handbook on Cyber-Risk Oversight (Handbook). The updates add 16 pages of content to the previously...more
7/19/2017 / Board of Directors, Corporate Counsel, Corporate Governance, Cyber Threats, Cybersecurity, Cybersecurity Framework, Data Protection, Handbooks, Information Technology, National Association of Corporate Directors (NACD), Risk Management
In this hoganlovells.com interview, Washington, D.C.-based Hogan Lovells senior associate Paul Otto talks about security issues created by the exponential growth of the Internet of Things (IoT). ...more
As Hogan Lovells previously reported, the New York State Department of Financial Services (NYDFS) has launched a significant initiative to impose detailed cybersecurity requirements on covered financial institutions. On...more
2/27/2017 / Banking Sector, Chief Information Security Officer (CISO), Confidential Information, Cybersecurity, Cybersecurity Framework, Data Protection, Disclosure Requirements, Financial Institutions, Financial Services Industry, Information Technology, Insurance Industry, Notice Requirements, NYDFS, Personally Identifiable Information, Popular, Risk Assessment, Risk Management, Third-Party Service Provider
On January 12, 2017, prior to the new administration taking power, the National Telecommunications and Information Administration (NTIA) within the Department of Commerce (Department) released a Green Paper on “Fostering the...more
2/15/2017 / Best Practices, Comment Period, Connected Items, Cybersecurity, Internet, Internet of Things, Internet Privacy, NIST, NTIA, Popular, Privacy Concerns, Risk Management, Technology, Technology Sector, U.S. Commerce Department
In the past month, the National Institute of Standards and Technology (NIST) has issued a draft update to its flagship cybersecurity framework as well as new standalone guidance on how organizations can plan to recover from...more
1/26/2017 / Comment Period, Critical Infrastructure Sectors, Cyber Attacks, Cybersecurity, Cybersecurity Framework, Data Breach, Data Protection, NIST, Ransomware, Risk Management, Supply Chain