Health Privacy Law

Health Privacy Law is a fast-growing area of law that has seen significant recent regulatory and enforcement activity globally. This course addresses information privacy laws and regulations that have been enacted around the world, including the Health Insurance Portability and Accountability Act s (HIPAA) Privacy, Security, and Data Breach Rules, health research laws and principles, the EU General Data Protection Regulation (GDPR), the California Privacy Protection Act (CPPA), other US State laws as they relate to and impact health data. In addition, new laws governing Artificial Intelligence, such as those proposed in the EU and Canada, as well as the broader impact of AI on health privacy, will be considered.

Approach

The course will be taught in a phase-like approach. Phase one will involve basic understanding of health privacy principles and a review of several of the more significant laws and regulations that impact the health ecosystem, including reading and interpreting HIPAA, GDPR and U.S. State Laws (California, Virginia, Colorado), and the EU AI Act, among others. Phase two will focus on application of our interpretation of the privacy legal requirements/obligations arising from these laws and principles to traditional health-related activities, incorporating new issues like risks and benefits of artificial intelligence.

The course will be taught from my practitioner s perspective, based on 20+ years of experience working with some of the largest multinational companies in tech, health, pharma, and medical device industries. The class will take more of a manufacturer s (medical device, pharma, personal tech) perspective than a traditional healthcare provider perspective. Although we will cover both. The course will thus have a strong emphasis on critical decision-making and relevant application of the law necessary to provide meaningful guidance in a real world, highly dynamic, client setting. The course will use a diverse range of materials, including tools designed to aid in risk analysis and decision-making for counseling and advocacy work and will utilize case studies developed directly from actual client issues. The overall intent is for the course to have the character of a law firm partner teaching an associate or client how to, in turn, counsel their clients on health privacy issues.

Classes will be in-person, except when I have an unavoidable travel conflict, in which case we will convene virtually. I m looking forward to discussions on current events involving privacy and data protection we will not have a shortage of topics to discuss!

Materials

There will be suggested prep reading for most classes; I will distribute it when relevant. I will generally teach from an outline. There is no textbook. If I use visuals or a PowerPoint deck, they will be available for download after the class.

Assessment

Grading will be based on a single take-home exam using formats of multiple-choice, short answer, and essay/tool development. Exam will be time-bounded in accordance with law school rules and student exam answers are blinded, however, consideration may be given to classroom participation and engagement when determining final grades.

Contact Information. You are welcome to schedule a time to meet with me virtually or contact me by e-mail (stan@crosleylawoffices.com) or at my mobile (317.753.9023) at any time.