Key Takeaway: A ruling last week confirmed that the Federal Trade Commission (FTC) has the authority to take enforcement action against companies over their alleged lax data security practices.
Why It Matters: Hospitals are increasingly becoming subject to cyberattacks given that patient records have more black market value than credit cards, thus making them subject to FTC enforcement actions. The August 24 ruling by the U.S. Court of Appeals for the Third Circuit in the FTC v. Wyndham Worldwide Corp. case reaffirmed the FTC's authority to hold companies accountable for failing to safeguard consumer data.
According to the FTC, the hotel chain’s weak cybersecurity practices in 2008 and 2009, led to more than $10 million in credit card losses. In 2012, the FTC initiated a data security enforcement action against Wyndham in federal court, alleging it engaged in deceptive and unfair practices.
Wyndham argued that because the FTC neglected to provide specific rules on data security standards for companies, the organization should not be expected to know what constitutes “reasonable” data security standards. The court rejected Wyndham's arguments that what is “unfair” in the context of data security should be subject to a more specific definition by the FTC.
Administration Looking for Feedback on Precision Medicine Initiative
Key Takeaway: The President’s Precision Medicine Initiative is under development and the Administration is soliciting stakeholder feedback on points of emphasis, as well as implementation of the Initiative’s final recommendations.
Why It Matters: According to an August 21 blog post from the Administration, the suggested topics for stakeholder comments included: application-programming interfaces (APIs), information sharing and secure data storing.
A top priority for the Administration, and an opportunity for Congressional bipartisanship, is the Precision Medicine Initiative, which is intended to deliver individually tailored treatments to patients.
“We need healthcare providers to share their insight and help translate new findings into better care. And we need a strong, secure, and nimble infrastructure for health data that protects privacy, ensures security and facilitates new research models,” stated the piece released by DJ Patil, Deputy Chief Technology Officer for Data Policy and Chief Data Scientist in the Office of Science and Technology Policy; and, Stephanie Devaney, Project Manager for the Precision Medicine Initiative.
Highly functional electronic health records (EHRs) and adequate data security have been two subjects frequently addressed in the context of the Precision Medicine Initiative.
ONC Federal Advisory Committee Seek Applicants, Submission Deadline Sept. 11
Key Takeaway: Health IT Policy Committee and Health IT Standards Committees are seeking applicants to fill vacancies on the Federal Advisory Committees to assist the Office of the National Coordinator in setting national health IT policy.
Why It Matters: The Health IT Standards Committee (HITSC) is seeking applicants to fill a number of open positions including a “Technical Expertise, CIO” vacancy. While the Health IT Policy Committee (HITPC) has an opening for a “Privacy and Security/Consumer Representative.”
The HITSC is charged with making recommendations to the National Coordinator for Health IT on standards, implementation specifications, and certification criteria for the electronic exchange and use of health information. The HITPC makes recommendations to the National Coordinator for Health IT on a policy framework for the development and adoption of a nationwide health information infrastructure, including standards for the exchange of patient medical information.
The HITSC is seeking applications for the following areas of expertise: