Data Sharing: The Need for Transparency
Regulatory Attorney Ashley Thomas Offers Advice to Vendors
Mobile app and other technology vendors must clearly communicate to users how their sensitive health data will be shared with third parties - especially those in China and other nations. Otherwise, they face potential regulatory scrutiny as well as privacy lawsuits, says regulatory attorney Ashley Thomas of the law firm Morris, Manning & Martin.
Data-sharing issues have been highlighted by recent health data privacy and security disputes, including a proposed Federal Trade Commission settlement last month with mobile app firm Flo Health and a lawsuit filed in January against healthcare services vendor Easy Healthcare Corp. by users of the company's Premom mobile fertility application.
Tech companies "need to be transparent about to whom they're disclosing information," she says. "On a fundamental level, they're disclosing information to their services providers who are helping to provide their services. But the key is to be transparent about where they're sharing that information."
Under Chinese laws, some firms receiving personal data can be compelled to share it with the government, she notes (see: NCSC Warns of China's Efforts to Collect US DNA Data).
In this interview, Thomas also discusses:
- What the healthcare sector might expect to see in 2021 from the Department of Health and Human Services' Office for Civil Rights in its enforcement of HIPAA;
- Lessons from the FTC's recent settlement with Scottsdale, Arizona-based SkyMed;
- Issues emerging from the FTC's recent data privacy settlement with mobile health app vendor Flo Health despite Europe's highest court ruling to invalidate the EU-U.S. data-sharing agreement last summer.
Thomas advises clients on compliance with federal, state and international data privacy and security laws, including the EU General Data Protection Regulation, the California Consumer Privacy Act and HIPAA. Prior to joining Morris, Manning & Martin LLP, Thomas' work at other law firms included representing clients in the healthcare arena - such as public health systems, medical device manufacturers and technology companies - on data breaches and breach notification risk assessments and other issues.