Health Law Advisor

On July 13, 2023, the White House issued the first iteration of its National Cybersecurity Strategy Implementation Plan (the “Implementation Plan”), which will be updated annually. The two overarching goals of the Implementation Plan are to address the need for more capable actors in cyberspace to bear more of the responsibility for cybersecurity and to increase incentives to make investments in long-term resilience. The Implementation Plan is structured around the five pillars laid out in the White House’s National Cybersecurity Strategy earlier this year, namely: (1) defend critical infrastructure; (2) disrupt and dismantle threat actors; (3) shape market forces to drive security and resilience; (4) invest in a resilient future; and (5) forge international partnerships to pursue shared goals. The Implementation Plan identifies strategic objectives and high-impact cybersecurity initiatives under each pillar and designates the federal agency responsible for leading the initiative to meet each objective. The following summarizes some of the key initiatives included in the Implementation Plan that will directly impact critical infrastructure organizations, including healthcare, energy, manufacturing, information technology and financial services.

The 21st Century digital age has provided women with numerous sexual and reproductive health tools that track periods, ovulation, and pregnancy. By simply plugging certain health data inputs into these apps, women can now accurately track the most intimate moments of their lives. But is this sensitive health information secure?

New York recently enacted new legislation that will amend Article 45-A of the New York Public Health Law, entitled “Disclosure of Material Transactions”.  Although the legislation, as enacted, contains no description of legislative intent, the budget bill language originally proposed referenced concerns with the “proliferation of large physician practices being managed by entities that are investor-backed” (e.g., private equity platforms) and which are otherwise unregulated by the state outside of the licensure of the individual practitioners.

Effective August 1, 2023, the new legislation requires thirty (30) days advance notice to the New York State Department of Health (“Department”) of any “material transactions” involving “health care entities” that provide administrative or management services for physician practices, provider-sponsored organizations, health insurance plans, “or any other kind of health care facility, organization, or plan providing health care services. . . .”   

On June 16, 2023, Nevada enacted Senate Bill 370 (“SB 370”), which imposes broad restrictions on the collection, use, and sale of consumer health data. This law is set to go into effect on March 31, 2024.

This post explores how bias can creep into word embeddings like word2vec, and I thought it might make it more fun (for me, at least) if I analyze a model trained on what you, my readers (all three of you), might have written.

Often when we talk about bias in word embeddings, we are talking about such things as bias against race or sex.  But I’m going to talk about bias a little bit more generally to explore attitudes we have that are manifest in the words we use about any number of topics.

Throughout the course of the pandemic, the Health Resources and Services Administration (HRSA) distributed $178 billion in Provider Relief Funds (PRF) to hospitals and health care providers.  The Public Health Emergency has ended, and HRSA is now turning an eye to how the money was spent, and whether it was spent properly. 

PRF funds were distributed with nearly no-strings-attached; hospitals and providers had to simply agree to a few terms and conditions.  Yet a number of facilities and providers have received one of two types of letters from HRSA: (1) a Final Repayment Notice stating the money must be returned, or (2) a letter stating that HRSA will be conducting an audit.  

Recently, Florida Governor Ron DeSantis signed Senate Bill 262 and Senate Bill 264 into law. These new laws grant Floridians greater control over their personal data and establish a new standard for data handling and protection. Senate Bills 262 and 264 take effect on July 1, 2023.

On June 8, 2023, the New York City Council passed a bill focused on healthcare accountability, with the goal of increasing access to healthcare services for New Yorkers. Entitled the Healthcare Accountability & Consumer Protection Act (the “Act”), this legislation includes Introduction 844, which establishes an Office of Healthcare Accountability, whose work would allow patients to see through a website what they would be charged for procedures at hospitals throughout New York City. As part of the Act, this Office would also report on insurance and pharmaceutical pricing, as well as monitor the amount of money the City is spending on healthcare services. In addition, the Act includes Resolution 512, which calls on New York State to create an independent commission to oversee hospital pricing and to increase access to healthcare services. This local law, referred to as Local Law 78, was signed by Mayor Adams on June 23, 2023, and will be effective beginning on February 22, 2024.

A recent enforcement action by the Federal Trade Commission (“FTC”) against 1Health.io—which sells “DNA Health Test Kits” to consumers for health and ancestry insights—serves as a reminder that the FTC is increasingly exercising its consumer protection authority in the context of privacy and data protection. This is especially true where the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) does not reach. The FTC’s settlement with 1Health.io highlights a wide-range of privacy and security issues companies should consider relating to best practices for updating privacy policies, data retention policies, configuration of cloud storage and vendor management, especially when handling sensitive genetic data. 

Summertime, for many, marks the beginning of longer days and more sunshine. As an academic medical institution, it also marks the end of one academic year and the commencement of another, and with a new academic year comes new agreements or contracts of appointment for its residents and fellows, as each are promoted to a new program year. For programs accredited by the Accreditation Council of Graduate Medical Education (“ACGME”), there are specific requirements for what can and should be included in its resident and fellow agreements. Aside from its ACGME requirements, it is also important for an institution to consider what additional contractual provisions it should include in its resident and fellow contracts. Below are ACGME’s requirements and other contract provisions that an institution should review and include in such contracts prior to the beginning of each academic year.