On December 10, 2020, NetDiligence brought together an exciting panel of legal and insurance experts for “Privacy Litigation Updates for the Healthcare Sector.” Sponsored by Buchanan, Ingersoll and Rooney, this webinar explored the current state of cyber threats to healthcare providers in the wake of the COVID-19 epidemic and elucidated the legal landscape created by recent class actions litigation. Moderator Anthony Dolce (Chubb) was joined by Jacqueline Weyand (Buchanan), John Yanchunis (Morgan and Morgan), and Anahi Santiago (ChristianaCare).
All panelists agreed that threat actors have uniquely targeted the industry in recent months. With the increase of telemedicine and work-from-home, healthcare organizations have provided ripe targets; simultaneously, the urgency created by COVID-19 has made threats to patient care a powerful pressure point. The FBI’s announcement on October 28 that federal agencies saw an imminent threat to the healthcare industry proved unsurprising to this group of insiders, with Yanchunis noting that the warning seemed, if anything, behind the curve.
The heart of the panel was a roundup of recent legal decisions, led by Weyand. Three specific cases – Leniski v. Anthem Inc., et al., Fox, et al. v. Iowa Health System, and Travis et al. v. Assured Imaging, LLC – plus the cluster of cases against Blackbaud were detailed. The takeaways from this litigation were numerous, but Weyand summarized much of the panel’s conversation when she noted that organizations must not rely on the “black letter of the law” and that industry standards will provide the legal yardstick during litigation. This perspective was echoed by Santiago, who noted that HIPAA can be used only as a baseline when organizations assess their protocols.
Article III legal standing remains an issue to watch. Weyand pointed out the split between different circuits with respect to this issue but identified no case arising recently that might lead to a resolution at the federal level. Yanchunis noted that the recent OPM breach included the personal data of federal judges, which has created a more sympathetic tone from the bench.
In their final words, panelists called for preparedness and flexibility – Santiago noting that patch management and employee training are the simple efforts that can pay big dividends; Yanchunis advocating for better communication between C-suites and cyber professionals. Weyand encouraged listeners to watch for developments from OCR: As the changes wrought in urgency at the height of the pandemic become lasting shifts, industry professionals should expect a tighter regulatory landscape and heightened scrutiny of security protocols.
“Privacy Litigation Updates for the Healthcare Sector” is available on-demand at https://gateway.on24.com/wcc/eh/2341608/lp/2840433/privacy-litigation-updates-for-the-healthcare-sector/