Schedule

Wednesday, April 13, 2022

1. Data Governance: A Digital Economy Depends on Digital Trust
Jenn Geetter (Moderator), Reid Blackman, Rene Quashie, Alaap Shah

• The role of data governance in complying with an often misaligned patchwork of federal and state regulations and with community norms and standards in deciding how to use, protect and disclose data
• Data stewardship principles and best practices–moving beyond privacy and security
• The role of ethics in data governance
• Data governance as a differentiator to build trust
• How to leverage data governance to build a culture of compliance
• Assembling a well-functioning data governance committee: The composition, need, functions, and membership
• The data governance lifecycle activities: Data cataloguing and valuation; assess privacy and data protection risk; evaluate data acquisition, aggregation, use and disclosure policies; consider retention and destruction approach
• Who owns the data vs. who should own the data?

2. Connecting the Dots Between Health Apps, HIPAA, and the FTC
Robert Kantrowitz
Jon Moore

• Different types or categories of health applications and related parties 
• How to determine whether the information collected by a health app is covered under the FTC Act, HIPAA or FD&C Act
• The relevant HIPAA, FTC, and FD&C Act regulations and guidance for health apps and those that serve, sell or provide them
• Specific requirements of FTC and HIPAA Breach Notification Rules
• How to prevent concerns over cybersecurity and privacy from stifling digital health adoption

3. Preventing CyberHarm to Patients: Risk Management
Elizabeth Hodge
Gerard M. Nussbaum
Sean T. Sullivan

• Both potential and actual harm to patients’ safety created by vulnerabilities in the world of connected health care
• When technology and IT security should inform the standard of care
• Risk reduction and mitigation strategies for health care providers
• When and how to involve boards and C-suite in preparing organizations to address cybersecurity threats to patient safety

4. Using Genomic Data in Health Care Research: Legal Considerations to Support Innovation
Maggie Huston
David Peloquin
Alya Sulaiman

• Why genomic research/real world data (RWD) is important for advancing precision medicine and innovations in patient care
• Types of genomic and related data (patient germline/inherited data; somatic/tumor data; viral DNA/RNA, etc.) and how that data is classified under existing legal/regulatory frameworks, as well as a high-level overview of common technologies that generate that data (next-generation sequencing, genotyping, PCR, etc.)
• Legal considerations surrounding how genomic data is used in clinical trials and observational studies (privacy, data use, clinical laboratory regulations, FDA regulation of in vitro diagnostics and considerations related to investigational device exemptions, equity, etc.)
• Is it possible to de-identify or anonymize genomic data?

5. Whose Data - De-identified Not Devalued
James Leonard
Iliana Peters
Cynthia F. Wisner

Please join us for an important and illuminating discussion regarding issues related to “de-identified data” under HIPAA, which is also commonly referred to as anonymized data under other legal regimes.  We plan to use concrete examples and fact patterns to talk through common issues and complications with de-identified data, both from a legal perspective with the two attorneys on our panel, but also from a practical perspective with our panel de-identification expert!  Our presentation will include:

• Important issues, such as HIPAA de-identification and third party rights, business associate issues, value of de-identified data, and derivative data rights
• Applicable legal requirements under state, federal, and international law
• Fact scenarios regarding de-identification from a practical perspective
• Importance of de-identification expert qualifications and experience

6. After A Cyber Attack: Trends and Enforcement​
Abby Bonjean
Jody Erdfarb
Adam Greene

Although cyber-attacks are becoming more and more common, the healthcare industry is still grappling with dealing with the aftermath of a breach. In this session, we will discuss:

• Differentiate between a cyber-attack and a breach
• The potential legal obligations when a cyber-attack occurs, including notification and mitigation requirements under HIPAA and the FTC Breach Notification Rule
• The different options for dealing with ransomware attacks, including involvement of law enforcement
• Government criminal and civil enforcement and class action trends

7. The Responsible Use of AI in Health Care
Cora Han
Christine Moundas
Kirk J. Nahra

Advances in artificial intelligence (AI) have the potential to revolutionize the practice of medicine and health care, with potential uses ranging from precision medicine to improving many aspects of hospital administration. But the use of AI in health care also poses legal, ethical, equity, privacy and security risks. This panel will examine the challenges health care providers and health care companies are facing with respect to the use and development of AI. Topics will include:

• Legal issues that health care providers and health care companies should consider when using or developing AI-enabled tools
• AI from the FDA perspective
• Ethical considerations
• Recommendations for operationalizing the safe and responsible use of AI

8. Interoperability and Information Blocking: Policy and Implementation
Jodi Daniel
Elise Sweeney Anthony
Steve Gravely

• ONC’s information blocking regulations and recently released frequently asked questions
• Decision framework considerations for information sharing under the information blocking regulations
• Intersection of information blocking and HIPAA, including a discussion of patient access to data through third party applications

9. Lessons Learned from Covid Data Sharing Experience​
Susan Stayn
Wendi Wright

• Urgent data sharing needs that emerged during the pandemic: public health and community partnerships, workplace wellness, workplace surveillance, large-scale contact tracing
• Challenges to data sharing during Covid (confusion around requirements, gaps in data including health inequities, employee privacy rights vs employer's need to know, differing reporting requirements at federal/state/local levels, role of state/local public health authorities, employers' requirements vs HIPAA protections)
• Novel initiatives and data sharing challenges in research during Covid
• A look forward: Lessons learned for future data sharing and pandemic planning

10. The Health Data Gold Rush: Exploring the Legal, Operational, and Ethical Concerns of Data Monetization
Ebunola Aniyikaiye
Mysty Blagg
Andrew Rusczek

The evolution of technology and the ability to analyze data within the health care industry has led to various advancements, including an enhanced holistic view of patients, predicting health outcomes, shortening the time of diagnosis, and more effective treatments. These advancements in turn benefit patients and caregivers. However, large amounts of patient data are needed to fuel these advancements. As the need for patient data continues to grow, stewards of patient data are faced with an opportunity to monetize their data. Furthermore, as the value of health care data becomes understood, the FTC and other regulators will in turn scrutinize digital health transactions where acquisition of data is one of the primary reasons behind the transaction. This session will explore the following topics related to monetization of patient:

• Data collection strategies
• Data governance
• Privacy considerations
• Ethical concerns
• Implication of possible antitrust enforcement in digital health transactions

Networking Reception
Join us for a very interactive virtual networking happy hour-ish. Attendees can find their colleague, sit at a virtual table and chat.  

On Demand Only Offerings

I. Agitations of Aggregated Data Sets
Emily Beukema
Peter Kim

• Fulfilling the promise of the digitization of health records in large part relies on the aggregation of large and diverse data sets.  With aggregation of data from multiple sources come many legal and compliance issues. This session will explore:
• Privacy laws, including HIPAA, state data privacy and security laws, and FTC regulations and recent guidance;
• Interoperability and information blocking issues
• Consents, ownership and related issues
• Responsibilities and agency (i.e. how do you identify who is working for whom)
• Related compliance issues

II. Basics of Determining the FMV of Patient Health Data​
Chris David

• Discussion of the theoretical and technical challenges of developing a defensible appraisal
• A discussion of the different types of datasets that are being bought and sold
• Properly identify the subject asset
• Properly identify the type of transaction
• Determine the most appropriate methods/approaches to use to value a dataset

III. HIT Fraud and Abuse: Sprints, Relays, and Hurdles on the Road to Coordinated Care​
Stewart Kameen
Amy Leopard
Andrew VanLandingham

• The HHS Sprint to Coordinated Care one year later—how to use the OIG safe harbors and CMS exceptions to fund and promote digital health, data sharing, data analytics, interoperability, and cybersecurity in value-based settings and beyond
• False Claims Act Liability for EHR Fraud, Kickbacks, and the Civil Cyber-Fraud Initiative–how false certifications, freebies, and deficient cybersecurity protections can be material and give rise to FCA liability
• Filling in the gaps for effective compliance oversight and risk management through sources of Compliance Program Guidance and EHR Corporate Integrity Agreements
• A legal framework and hypothetical case studies for patient engagement and providing valuable technology directly to patients without running afoul of the Beneficiary Inducement Prohibition