Our Website Uses Cookies
We and the third parties that provide content, functionality, or business services on our website may use cookies to collect information about your browsing activities in order to provide you with more relevant content and promotional materials, on and off the website, and help us understand your interests and improve the website.
For more information, please contact us or consult our Privacy Notice.
Your binder contains too many pages, the maximum is 40.
We are unable to add this page to your binder, please try again later.
This page has been added to your binder.
Covington’s health information privacy lawyers are at the center of the debate regarding the privacy of medical records and other individually identifiable health information. We have developed extensive expertise on matters of health information privacy, working on these issues from the perspective both of affected entities and government regulators. We serve a broad client base of healthcare providers, pharmaceutical companies, benefit managers, group health plans, clinical laboratories, medical equipment manufacturers, and others whose businesses involve the handling of personal health information.
We routinely counsel clients regarding compliance with the privacy standards promulgated under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Clinical and Economic Health (HITECH) Act. We have assisted in our clients’ efforts to obtain amendments to, or clarifications of, these regulations. We also counsel our clients on state laws affecting the privacy of health information, such as genetic information and pharmacy records, and we regularly provide advice on the interaction between state law and the federal regulations governing the privacy of health information.
We often assist clients in the United States and Europe engaging in clinical trials and post-marketing research activities and have been involved in preparing informed consent forms, investigator disclosure documents, contract research organization (CRO) agreements, clinical trial agreements and service provider agreements. We also assist companies in the healthcare industry with privacy issues relating to websites and live webcasts. Additionally, we have performed due diligence regarding healthcare privacy issues on behalf of venture capitalists and other entities interested in acquiring or investing in healthcare companies.
Our London- and Brussels-based lawyers have acquired unparalleled expertise in the unique privacy issues facing the pharmaceutical industry in Europe. We have been called upon to advise on the national rules in several European jurisdictions relating to the use of “biobanks” and research databases, privacy issues resulting from mandatory pharmacovigilance and adverse event reporting, key-coding of data, and the “further use” of data collected during clinical trials.
In Asia, we have assisted pharmaceutical companies operating in China with unique privacy issues, including advising privacy and property ownership issues related to the collection and sharing of biological samples in clinical trials.
Pharmaceutical marketing programs
Advising global pharmaceutical companies on HIPAA and state privacy issues relating to pharmaceutical marketing programs.
Comprehensive Global Privacy Policies
Assisted pharmaceutical companies in developing global comprehensive privacy policies aligned with federal (HIPAA, Food & Drug Administration, and National Institutes of Health) regulations, state and European law, and best practices.
HIPAA Breach Notification Requirements
Advised employer health plans on HIPAA breach notification requirements relating to breaches of protected health information held by the plans.
State health information privacy laws
Advising a multinational pharmaceutical company on state privacy issues relating to a vaccine outreach program.
Health privacy litigation
Advised a large pharmaceutical company in connection with litigation involving the alleged infringement of patient privacy by a pharmacy chain that collects personal information about prescription drug users.
Health privacy to pharma companies in China
Advised a multinational biopharmaceutical company operating in China on privacy and property ownership issues related to the collection and sharing of biological samples in clinical trials.
HIPAA compliance
Advised major corporations on HIPAA compliance issues relating to their employer health plans.
HIPAA training
On behalf of a major consumer products company, developed a HIPAA training module for the company’s health plan.
Privacy issues related to patent data migration
Assisted another large pharmaceutical company in dealing with privacy issues resulting from the migration of patient data from a clinical study to a web based platform.
Privacy issues relating to clinical trials
Assisted several large pharmaceutical companies with a variety of privacy issues relating to clinical trials, further use of data and pharmacovigilance reporting.
Global Health Privacy Advice
Advised pharmaceutical companies in the U.S. and Europe on data privacy issues, including questions relating to genetic testing programs and the development of genomics databases, the sourcing and handling of human tissue and biological samples for research purposes, patient outreach, and marketing activities.
February 26, 2021, Inside Privacy
In February 2021, the European Commission (“Commission”) released a report on European Union (“EU”) Member States’ laws governing the processing of health data. The report discusses three general types of health data uses: primary use for health care services; secondary use for public health purposes; and secondary use for scientific research purposes. For each ...
February 15, 2021, Inside Privacy
On February 2, 2021, the European Data Protection Board (“Board”) responded to questions submitted by the European Commission (“Commission”) on the application of the General Data Protection Regulation (“GDPR”) to health research. The Board also announced that it is currently working on guidelines on the processing of personal data for scientific research ...
February 9, 2021, Inside Privacy
In a new post on the Covington Digital Health blog, our colleagues discuss a recent settlement between the Federal Trade Commission (“FTC”) and Flo Health, Inc. (“Flo”), the developer of a popular menstrual cycle and fertility-tracking application. The settlement resolves allegations that Flo shared app users’ health information with outside third parties after ...
December 21, 2020, Inside Privacy
In a new post of the Covington Digital Health blog, our colleagues discuss the proposed rule issued by the Office for Civil Rights of the U.S. Department of Health and Human Services to modify the Privacy Rule promulgated under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and the Health Information Technology for...… Continue Reading
Researchers Explore Privacy Techniques to Protect Against Re-Identification of Genomic Information
December 4, 2020, Inside Privacy
It’s the stuff of science fiction: adversaries extract DNA information from a cup of coffee or postage stamp and use it infer one’s most private traits. However, a recently released study entitled, “Data Sanitization to Reduce Private Information Leakage from Functional Genomics” discusses how this can be achieved, along with privacy measures that the life...… ...
October 17, 2020, Inside Privacy
In a new post on the Covington Digital Health blog, our colleagues discuss California Attorney General Xavier Becerra’s recent settlement against Glow, Inc., resolving allegations that the fertility app had “expose[d] millions of women’s personal and medical information.” The post explains the allegations and settlement terms, as well as takeaways for providers ...
September 21, 2020, Inside Privacy
On September 1, the California legislature passed AB 713, a bill that creates a new healthcare-related exemption under the California Consumer Privacy Act of 2018 (“CCPA”). All provisions of the bill will take effect immediately to prevent the CCPA from “negatively impact[ing] certain health-related information and research,” except for the required contractual ...
August 13, 2020, Inside Privacy
Today, the California Senate Judiciary Committee will consider AB 1281, which would extend the California Consumer Privacy Act’s (CCPA) business-to-business and employment exemptions until January 1, 2022, in the event that the pending ballot initiative—which also would extend the exemptions—does not pass this November. In addition, the Committee will consider ...
August 11, 2020, Inside Privacy
On 3 July 2020, the German parliament passed a draft bill (German language) for patient data protection and for more digitalisation in the German healthcare system (Patientendaten-Schutz-Gesetz). The draft bill is currently in the legislative procedure and is expected to enter into force in autumn 2020. One of the main objectives of the bill is...… Continue ...
June 4, 2020, Inside Privacy
Senators Maria Cantwell (D-WA) and Bill Cassidy (R-LA) introduced bipartisan legislation this week to address privacy issues in the COVID-19 era. The proposal, entitled the “Exposure Notification Privacy Act,” would regulate “automated exposure notification services” developed to respond to COVID-19. This bipartisan legislation comes on the heels of dueling ...
July 28, 2017, Medtech Insight
Marialuisa Gallozzi, John Buchanan, and Jeff Kiburtz are quoted in a Medtech Insight article regarding the growing interest in the healthcare sector in buying cyber insurance. According to Gallozzi, "We are in the midst of an evolution of the insurance market right now in this area." She says cyber insurance policies have been a growing trend but unlike other ...
GDPR Planning and Preparation Conference for Employers
March 30, 2017, Business Forums International Ltd.
December 15, 2016, CCT News
Daniel Cooper is quoted by CCT News in an article regarding the use of wearable technology in the workplace. According to Cooper, the use of wearable devices is a good way, especially for insurers. However, the wearers’ privacy must be taken care of as well as their legitimate treatment concerns.
Wearable technology: gathering data from tooth to toe
November 21, 2016, Financial Times
Daniel Cooper is quoted in a Financial Times article regarding wearable technology in the workplace. According to Cooper, not everyone will welcome sharing intimate personal information with the boss, however. “Wearable devices could be a good way for insurers to get the data . . . but it’s essential to address wearers’ privacy and fair treatment concerns and ...
October 24, 2013, Covington E-Alert