10:55 AM
John Giantsidis, JD, M.Eng., President, CyberActa, Inc.
Naeem Hashmi, Digital Health Solutions, Strategic Advisor, Boston Scientific
This presentation will review the complex web of privacy laws applicable to medical devices, the Internet of Medical Things, and wearable devices. Using practical hypotheticals, the session will explore when these digital health products are subject to HIPAA, FTC privacy principles and the California Consumer Privacy Act. The presentation will also cover best practices for developing a privacy policy and privacy compliance program consistent with applicable laws and best practices.
Reece Hirsch, Partner, Morgan Lewis & Bockius LLP
The HHS Office for Civil Rights and the Federal Trade Commission are the principal privacy and security regulators in the digital health space. This panel will address how the two agencies regulate various digital health products, from medical devices to mobile health apps. The panelists will review the latest enforcement and regulatory developments in digital health privacy, focusing upon practical hypotheticals and questions from attendees.
Moderator:
Reece Hirsch, Partner, Morgan Lewis & Bockius LLP
Panelists:
Lisa P. Goldstein, Health Information Privacy Specialist, HHS Office for Civil Rights
Ronnie Solomon, Attorney, Division of Privacy and Identity Protection, Federal Trade Commission
William Gamble, GDPR Consultant, IT Governance USA Ltd.
Today in the 21st century, the sensitivity of private health care data increasingly overlaps with the sensitivity of private and public digital consumer health data, warranting a closer look at comprehensive privacy protections, the need for stronger digital health literacy education, research, and more. Dr. Hendricks-Sturrup will describe this phenomenon, present some of her latest research on the topic, and engage the audience in discussion and activities where they may share their perspectives.
Rachele Hendricks-Sturrup, DHSc, MSc, MA, Research Director, Duke-Margolis Center for Health Policy
Today, medical devices are dynamic, providing many touch points. And their data surface is no longer limited to within the box alone. With 5G, the need for localizing data may go away, making the data surface very wide and spread across many geo-boundaries. Preserving individuals’ privacy is a huge nightmare. Although privacy and security are joined at the ‘hips’, they are very different ‘mentally’. We simply can’t keep building higher walls to protect privacy. In fact, building higher walls does not protect privacy. We need to engineer privacy within the products to take advantage of security walls to avoid data exposure and leaks.
In this session, you will learn:
Naeem Hashmi, Digital Health Solutions, Strategic Advisor, Boston Scientific
Digital technologies have transformed our lives. Now the data-driven revolution is beginning to transform healthcare. By realizing the potential of digital health, artificial intelligence (AI) and machine learning (ML), we can accelerate the shift towards patient-centered, outcomes-focused, accessible and sustainable healthcare. Digital health is a broad term that encompasses a variety of terms including e-health, m-health and telehealth and captures everything from electronic patient records, remote monitoring, connected devices, digital therapeutics and more. It means embracing information technology, big data, AI and machine learning to collect, share, analyze and use data on patient outcomes to help healthcare professionals make informed decisions and to improve care. Some of those may be considered software as a medical device (SaMD) and some may be considered clinical decision support (CDS) software. Some of them are regulated by the FDA and other regulatory bodies, and some are not.
But all have a common expectation: privacy.
So, how do we go about designing, building, and commercializing digital health solutions that incorporate the principles of privacy? Integrating privacy requirements in the design of digital health is not a simple task. Privacy is generally not the primary requirement of a SaMD, and it may even come into conflict with other (functional or non-functional) requirements. It is therefore of paramount importance to precisely define the goals of a Privacy by Design process. These goals should form the starting point of the process itself and the basis of its evaluation.
Learn how to embed privacy in your design and development process with a methodological focus centered on risk management that lets you employ privacy utilizing suitable practices, procedures, and tools.
John Giantsidis, JD, M.Eng., President, CyberActa, Inc.
A privacy impact assessment (PIA) is an essential part of many projects and can be used to help companies identify the potential risks arising from their collection, use, or handling of information, to find out if they are meeting their legal and regulatory obligations. A PIA focuses on identifying the ways a new project (product or service) or changes to an existing process may affect personal privacy, to help organizations make more informed decisions and better manage privacy risks.
It is important to decide whether to do a PIA early in the project’s lifecycle. If you fail to identify how your project is likely to affect the individuals whose information you are collecting and using, there are real risks for your organization and for the success of your project. The scale and complexity of your PIA will depend on the scale and complexity of your project. A PIA is not a last-minute legal compliance checklist; rather, it is an active tool to help inform the major decisions involved in planning and implementing your project.
Let’s walk through together the questions to answer before you start any Privacy Impact Assessment, the key steps involved in any PIA and what each of those steps involves, and further steps to consider if your project is more complex or the risks are more significant.
John Giantsidis, JD, M.Eng., President, CyberActa, Inc.
The explosive growth and evolution of cloud and wireless technology, network speed and connectivity, data communications, and sensor technology teamed with a seemingly endless array of applications and devices have fueled the rapid advancement of health care information technologies (HIT), cyber-physical systems (CPS) and the Internet of Things (IoT). As routine (and sometimes non-routine) patient interaction moves farther away from being delivered exclusively in a physical setting to having greater and more innovative options for care delivery in a virtual space, cybersecurity and privacy have become critical components of care quality and patient safety. There is a shared responsibility between the manufacturers, healthcare delivery organizations, and patients themselves to assure the privacy architected and embedded into Digital Health is genuinely achieved at the endpoints. Privacy in Digital Health from the Patient Perspective will discuss the steps we must take to protect and enhance this critical aspect of each patient’s life.
George W. Jackson, Jr., PhD, MBA, HCISPP, CISSP, PMP, CRISC, Director, Health IT and Digital Health, Clearwater
It seems like every digital health tool, medical device and healthcare IT solution is incorporating some type of data-driven analytic capability. The innovations may be algorithms that were pre-trained on existing data and process new data against the trained model or they might be adaptive algorithms that continuously evolve or adapt to noise processes and new features in data streams the medical device system acquires. In certain situations, the risk-management and regulatory analysis for these data-driven models have adequate predicates whereas there are gray areas in others. Regardless of quality and regulatory complexity, the topic of patient and provider privacy is paramount for risk assessment when considering the widespread adoption and distribution of data-driven technologies.
This talk is intended to inform the audience via an overview of the landscape MDSW manufacturers face, across the lifecycle of products with data-driven capabilities/ features. The audience will leave the talk with some ideas – based upon good-practice from experience – how to better manage privacy risk in these types of product while enabling innovation. There is much potential for bettering care delivery with analytical methods, but they must be developed and delivered in trustworthy ways. Key topics to be covered:
John F. Kalafut, PhD, Founder & Principal, Asher Orion Group
Elena Ames, CIMP, CDPSE, Data Privacy Officer, BrightInsight
James P. Keller, Jr., MS, AAMIF, FACCE, Business Development Director, Medical Devices, BrightInsight
While the 21st Century Cures Act drives a much-needed expansion of the sharing of medical information using APIs and FHIR, this increased interoperability poses a risk to keeping this personal health information private. This is due to the now larger number of new information technology applications used for sharing data. These applications expand the exchange of information among providers, payers, life science companies, and patients. In this panel discussion, attendees will:
Moderator:
Barry P. Chaiken, MD, Author, Navigating the Code: How Revolutionary Technology Transforms the Patient-Physician Journey
Moderator:
Jeffrey Moore, Chief Product Security Officer, Draeger Medical
Panelists:
Nina Alli, Executive Director, Biohacking Village
Seth Carmody, VP, Regulatory Strategy, MedCrypt
Colin Morgan, CISSP, CISM, GPEN, Managing Director, Apraciti, LLC
If your database schema is not designed for privacy, don’t let your colleagues fool you into thinking it’s something you can just add in later as a layer. If your modern APIs and integration points aren’t privacy-aware by design, you cannot simply patch it in a future release. If you’re writing code for zero trust, you can’t just change it easily later. Join long-time healthcare CTO Shahid Shah as he talks about the technical means to ensure privacy by design, such as how to create database schemas that allow privacy and security at the table and row levels and how to write code and perform QA to ensure privacy is in the software development lifecycle. This is a can’t-miss talk for CTOs, heads of product management, senior engineers, senior architects, developers, programmers, and database professionals (DBAs).
Shahid Shah, Publisher & Chief Editor, Medigy.com
Digital health and associated spheres like medical extended reality, wearables and implantables, provide new opportunities for extended healthcare access and medical training to a wide swath of the population. Further, pandemic resilience requires the creation of integrated warning systems that can collect and integrate sensitive data at the edge. In many cases, the data collected passively and actively by devices at the edge include biometrics and biometrically-inferred data – the most sensitive data we own. User identification, authentication, data collection, storage, and connectivity on both decentralized and aggregated networks create new threat landscapes that are exacerbated by key edge vulnerabilities. In this talk, we explore some of this new risk landscape, as well as new network solutions and frameworks that provide means for user-centric control, security, and privacy, which will revolutionize both cyberhealth networks as well as edge-based user interactions with Web 3.0 and the metaverse.
In this talk, you will learn:
Divya Chander, MD, PhD, Medical Advisor, Extended Reality Safety Initiative (XRSI) & Chair of Neuroscience and Faculty of Medicine, Singularity University
Health data is spilling over the four walls of traditional healthcare systems. Digital health innovations are accelerating the consumerization of health products and practices and posing a huge challenge: how to design ‘privacy-friendly’ organizations and products that comply with local and global consumer privacy protection regulations.
In this session, the speaker will discuss a real-world use case of implementing a consumer-privacy data program and privacy governance model to operationalize data privacy, both within the organization and in the consumer products.
Topics:
Sam Riley, Senior Corporate Counsel, Dascena