Data Privacy and Security in the Healthcare and Life Sciences Industries: Mitigating Escalating Risks

Companies in the life sciences and health care industries are facing escalating risks with respect to the privacy and security of personal information for which they are responsible. The COVID-19 pandemic has increased reliance on virtual communications involving personal health information, including through telehealth delivery, exposing such data to new risks. Outside of COVID-19, the increased benefit of health technology and health data analyses has increased the amount of personal information, including sensitive health information, flowing through channels that were previously unused or rarely used and in the hands of new constituents in the data marketplace, also raising new privacy and data security issues and concerns.

Added to these increased practical risks is liability exposure under the California Consumer Protection Act (CCPA), including the new threat of class actions for violations of the "reasonable security" standard in the CCPA. Although some types of health and medical information and certain entities are exempt from the CCPA, that may not mean that members of the life sciences and health care industries are entirely exempt from the statute's requirements. Both the CCPA's privacy-related requirements, which are enforceable as of July 1, and its data security requirements, violation of which may be a basis for private rights of action, impose significant legal obligations.

This webinar focuses on ways in which companies in the life sciences and health care industries can strive to mitigate privacy and data security risks in the current environment, including under the CCPA, with respect to digital health apps, in the transactional context, and in relation to the COVID-19 pandemic.