Our Website Uses Cookies
We and the third parties that provide content, functionality, or business services on our website may use cookies to collect information about your browsing activities in order to provide you with more relevant content and promotional materials, on and off the website, and help us understand your interests and improve the website.
For more information, please contact us or consult our Privacy Notice.
Your binder contains too many pages, the maximum is 40.
We are unable to add this page to your binder, please try again later.
This page has been added to your binder.
Covington’s health information privacy lawyers are at the center of the debate regarding the privacy of medical records and other individually identifiable health information. We have developed extensive expertise on matters of health information privacy, working on these issues from the perspective both of affected entities and government regulators. We serve a broad client base of healthcare providers, pharmaceutical companies, benefit managers, group health plans, clinical laboratories, medical equipment manufacturers, and others whose businesses involve the handling of personal health information.
We routinely counsel clients regarding compliance with the privacy standards promulgated under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Clinical and Economic Health (HITECH) Act. We have assisted in our clients’ efforts to obtain amendments to, or clarifications of, these regulations. We also counsel our clients on state laws affecting the privacy of health information, such as genetic information and pharmacy records, and we regularly provide advice on the interaction between state law and the federal regulations governing the privacy of health information.
We often assist clients in the United States and Europe engaging in clinical trials and post-marketing research activities and have been involved in preparing informed consent forms, investigator disclosure documents, contract research organization (CRO) agreements, clinical trial agreements and service provider agreements. We also assist companies in the healthcare industry with privacy issues relating to websites and live webcasts. Additionally, we have performed due diligence regarding healthcare privacy issues on behalf of venture capitalists and other entities interested in acquiring or investing in healthcare companies.
Our London- and Brussels-based lawyers have acquired unparalleled expertise in the unique privacy issues facing the pharmaceutical industry in Europe. We have been called upon to advise on the national rules in several European jurisdictions relating to the use of “biobanks” and research databases, privacy issues resulting from mandatory pharmacovigilance and adverse event reporting, key-coding of data, and the “further use” of data collected during clinical trials.
In Asia, we have assisted pharmaceutical companies operating in China with unique privacy issues, including advising privacy and property ownership issues related to the collection and sharing of biological samples in clinical trials.
Pharmaceutical marketing programs
Advising global pharmaceutical companies on HIPAA and state privacy issues relating to pharmaceutical marketing programs.
Comprehensive privacy policies
Assisted pharmaceutical companies in developing global comprehensive privacy policies aligned with federal (HIPAA, Food & Drug Administration, and National Institutes of Health) regulations, state and European law, and best practices.
HIPAA Breach Notification Requirements
Advised employer health plans on HIPAA breach notification requirements relating to breaches of protected health information held by the plans.
State health information privacy laws
Advising a multinational pharmaceutical company on state privacy issues relating to a vaccine outreach program.
European data privacy
Represent an ad hoc consortium of U.S. and European pharmaceutical and medical device companies concerned about data privacy issues in Europe, including the Eastern European Member States such as Hungary, Poland, and the Czech Republic.
Health privacy litigation
Advised a large pharmaceutical company in connection with litigation involving the alleged infringement of patient privacy by a pharmacy chain that collects personal information about prescription drug users.
Health privacy to pharma companies in China
Advised a multinational biopharmaceutical company operating in China on privacy and property ownership issues related to the collection and sharing of biological samples in clinical trials.
HIPAA compliance
Advised major corporations on HIPAA compliance issues relating to their employer health plans.
HIPAA training
On behalf of a major consumer products company, developed a HIPAA training module for the company’s health plan.
Global health privacy advice
Advised pharmaceutical companies in the United States and Europe on data privacy issues, including questions relating to genetic testing programs and the development of genomics databases, the sourcing and handling of human tissue and biological samples for research purposes, patient outreach, and marketing activities.
Privacy issues related to patent data migration
Assisted another large pharmaceutical company in dealing with privacy issues resulting from the migration of patient data from a clinical study to a web based platform.
Privacy issues relating to clinical trials
Assisted several large pharmaceutical companies with a variety of privacy issues relating to clinical trials, further use of data and pharmacovigilance reporting.
October 17, 2020, Inside Privacy
In a new post on the Covington Digital Health blog, our colleagues discuss California Attorney General Xavier Becerra’s recent settlement against Glow, Inc., resolving allegations that the fertility app had “expose[d] millions of women’s personal and medical information.” The post explains the allegations and settlement terms, as well as takeaways for providers ...
September 21, 2020, Inside Privacy
On September 1, the California legislature passed AB 713, a bill that creates a new healthcare-related exemption under the California Consumer Privacy Act of 2018 (“CCPA”). All provisions of the bill will take effect immediately to prevent the CCPA from “negatively impact[ing] certain health-related information and research,” except for the required contractual ...
August 13, 2020, Inside Privacy
Today, the California Senate Judiciary Committee will consider AB 1281, which would extend the California Consumer Privacy Act’s (CCPA) business-to-business and employment exemptions until January 1, 2022, in the event that the pending ballot initiative—which also would extend the exemptions—does not pass this November. In addition, the Committee will consider ...
August 11, 2020, Inside Privacy
On 3 July 2020, the German parliament passed a draft bill (German language) for patient data protection and for more digitalisation in the German healthcare system (Patientendaten-Schutz-Gesetz). The draft bill is currently in the legislative procedure and is expected to enter into force in autumn 2020. One of the main objectives of the bill is...… Continue ...
June 4, 2020, Inside Privacy
Senators Maria Cantwell (D-WA) and Bill Cassidy (R-LA) introduced bipartisan legislation this week to address privacy issues in the COVID-19 era. The proposal, entitled the “Exposure Notification Privacy Act,” would regulate “automated exposure notification services” developed to respond to COVID-19. This bipartisan legislation comes on the heels of dueling ...
Democrats Introduce COVID-19 Privacy Bill That Differs in Key Respects From Republicans’ Proposal
May 21, 2020, Inside Privacy
House and Senate Democrats recently unveiled proposed legislation—tentatively titled the “Public Health Emergency Privacy Act”—that would regulate the collection and use of health and location information in connection with efforts to track and limit the spread of COVID-19. Below we describe the proposed Public Health Emergency Privacy Act and how it differs ...
May 15, 2020, Inside Privacy
On May 8, 2020, the Federal Trade Commission (“FTC”) issued a notice soliciting public comment regarding whether changes should be made to its Health Breach Notification Rule (the “Rule”). The request for comment is part of a periodic review process “to ensure that [FTC rules] are keeping pace with changes in the economy, technology, and...… Continue Reading
German Federal Agencies Publish Privacy and IT Security Requirements for Digital Health Applications
May 7, 2020, Inside Privacy
On April 21, 2020, the Regulation on the Requirements and Reimbursement Process for Digital Health Applications (Digitale Gesundheitsanwendungen-Verordnung or „DiGAV“, available here) entered into force in Germany. Among other provisions, the DiGAV includes specific IT security and privacy requirements. Shortly after the law took effect, Germany’s Federal ...
May 6, 2020, Inside Privacy
In a new post on the Covington Digital Health blog, our colleagues discuss the Department of Health and Human Services (“HHS”) announcement of enforcement discretion to “permit compliance flexibilities” for the implementation of the interoperability final rules issued on March 9th, 2020. The final rules are intended to improve patient access to electronic ...
May 1, 2020, Inside Privacy
Senate Commerce Committee Chairman Roger Wicker is working on draft legislation that would regulate the collection and use of health and location information in connection with efforts to track and limit the spread of COVID-19. Some key highlights of the tentatively titled “COVID-19 Consumer Data Protection Act” include: For the duration of the public ...
July 28, 2017, Medtech Insight
Marialuisa Gallozzi, John Buchanan, and Jeff Kiburtz are quoted in a Medtech Insight article regarding the growing interest in the healthcare sector in buying cyber insurance. According to Gallozzi, "We are in the midst of an evolution of the insurance market right now in this area." She says cyber insurance policies have been a growing trend but unlike other ...
GDPR Planning and Preparation Conference for Employers
March 30, 2017, Business Forums International Ltd.
December 15, 2016, CCT News
Daniel Cooper is quoted by CCT News in an article regarding the use of wearable technology in the workplace. According to Cooper, the use of wearable devices is a good way, especially for insurers. However, the wearers’ privacy must be taken care of as well as their legitimate treatment concerns.
Wearable technology: gathering data from tooth to toe
November 21, 2016, Financial Times
Daniel Cooper is quoted in a Financial Times article regarding wearable technology in the workplace. According to Cooper, not everyone will welcome sharing intimate personal information with the boss, however. “Wearable devices could be a good way for insurers to get the data . . . but it’s essential to address wearers’ privacy and fair treatment concerns and ...
October 24, 2013, Covington E-Alert