Newsletter #22 - January 2025
In this edition, we cover major regulatory shifts and AI advancements shaping healthcare and data security. The U.S. tightens HIPAA security rules, the EU rolls out the European Health Data Space (EHDS) for cross-border health data exchange, and new U.S. regulations restrict sensitive health data transfers to certain countries. Meanwhile, AI is revolutionizing healthcare, with Truveta’s 10M-volunteer Genome Project, Owkin’s AI-powered drug development, and AI-driven medical scribes making waves—though accuracy concerns remain. On the data privacy front, GDPR fines have soared to €5.88B, with Ireland leading at €3.5B, and the UK ICO reports 36K data complaints and £1.27M in fines, highlighting ongoing challenges in digital security.
Regulations & Guidelines
HHS Proposes Stricter HIPAA Security Rules to Boost Cybersecurity
HHS proposed significant updates to the HIPAA Security Rule on January 6, 2025, to strengthen cybersecurity protections, making all implementation specifications mandatory and introducing stricter compliance measures. Key changes include detailed asset inventories, enhanced risk analysis, mandatory incident response plans, stricter patch management, and annual business associate audits, with a public comment period open until March 7, 2025.
Trump Reverses Biden’s Executive Order on AI Risk Regulation
On January 20th, 2025, U.S. President Donald Trump revoked a 2023 executive order signed by Joe Biden that sought to reduce the risks that artificial intelligence poses to consumers, workers and national security. Biden's order required developers of AI systems that pose risks to U.S. national security, the economy, public health or safety to share the results of safety tests with the U.S. government, in line with the Defense Production Act, before they were released to the public.
EU Adopts European Health Data Space (EHDS) to Boost Digital Healthcare
The Council of the EU has adopted the European Health Data Space (EHDS) regulation, making it easier to access and exchange electronic health data across the EU, while giving individuals greater control over their personal data. The EHDS will enhance cross-border healthcare, support medical research with pseudonymized data, and ensure interoperability of electronic health records (EHRs), with the regulation set to take effect 20 days after its official publication.
Guidelines 01/2025 on Pseudonymisation | European Data Protection Board
The European Data Protection Board (EDPB) has released its Guidelines 01/2025 on Pseudonymisation, now open for public consultation until February 28, 2025, providing practical guidance on how pseudonymisation can serve as a safeguard for GDPR compliance. The guidelines outline technical and organisational measures to prevent re-identification, support data minimisation and confidentiality, enable cross-border data transfers, and enhance privacy protections in sectors like clinical research while maintaining data usability.
U.S. Tightens Data Flow Regulations to Protect Sensitive Health and Genomic Information
The U.S. government introduced new regulations on January 8, 2025, restricting the transfer of sensitive personal, genomic, and biospecimen data to certain “countries of concern.” These measures aim to prevent unauthorized access to critical health-related data, reinforcing national security and privacy protections.
Data Breach & Cybersecurity
USR Holdings Fined $337,750 for HIPAA Violations After ePHI Data Breach
The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) settled with USR Holdings, LLC for $337,750 over HIPAA Security Rule violations following a breach that exposed 2,903 individuals’ electronic protected health information (ePHI). The investigation revealed failures in risk assessments, system activity reviews, and ePHI protection, leading USR to implement a corrective action plan to strengthen its HIPAA compliance.
Estonia: DPI fines Asper Biogene €85,000 for GDPR Violations
Asper Biogene OÜ was fined €85,000 by the Data Protection Inspectorate for GDPR violations, including inadequate security measures and improper DPO appointment, following a breach of 100,000 files with sensitive data.
Italy’s Garante Fines Hospital €25K for Data Breach Violation
The Italian data protection authority fined Antonio e Biagio e Cesare Arrigo University Hospital €25,000 for GDPR violations after a ransomware attack in December 2022 compromised personal data due to inadequate security measures, including lack of system updates and multi-factor authentication.
GDPR Fines Reach €5.88B in 2024, with Ireland Leading at €3.5B Since 2018
In 2024, a total of €1.2 billion in GDPR fines was issued across Europe, with Ireland leading at €3.5 billion since 2018. The overall fines since GDPR's implementation now total €5.88 billion, with the largest fine being €1.2 billion against Meta Platforms in 2023.
AI & Techbio
AI-Powered ‘Scribes’ Revolutionize Medical Note-Taking in Healthcare
Investment in AI medical note-taking apps surged to $800 million in 2024, with major companies like Microsoft and Amazon leading the charge. These tools aim to reduce administrative burdens on physicians, though accuracy issues and AI-generated "hallucinations" pose challenges. Trials show significant time savings, but manual oversight remains crucial for reliability.
How AI is Transforming Drug Development: Insights from Owkin
Paris-based biotech Owkin is leveraging AI to enhance drug development efficiency, aiming to double the industry’s success rate by optimizing clinical trial design and identifying new treatment opportunities. While not directly designing drugs, Owkin’s AI helps analyze large datasets, predict promising tumor targets, and create synthetic control arms, enabling faster and more cost-effective trials without requiring regulatory approval for AI-driven decisions.
Bioptimus Secures $76M to Launch Revolutionary Foundation Model for Biology
Bioptimus, an Owkin spinoff (read above), has secured $76 million in funding, including $41 million from Cathay Innovation and other investors, to develop a universal AI foundation model for biology, aiming to transform research in various industries.
BioTech, Healthtech and Healthcare
Scaling Healthcare Data: Unlocking Insights with AI and Patient-Centered Innovation
Turning fragmented healthcare data into actionable insights requires strong infrastructure and expertise. This article explores how AI and LLMs play a key role in improving patient care and clinical outcomes.
Truveta Launches Genome Project to Build a 10M-Volunteer Genetic Database for Personalized Medicine
Truveta launches the Genome Project to create a genetic database for personalized medicine, utilizing patient biospecimens with consent. The initiative, backed by significant investments, aims to sequence exomes of 10 million volunteers while addressing ethical and privacy concerns related to genomic data.
Food For Thought
Insights from JPM Healthcare Conference
The JPM Healthcare Conference that took place in January 2025 in San Francisco featured major AI and digital health announcements, including NVIDIA’s partnerships with IQVIA, Illumina, Mayo Clinic, and Aignostics to advance AI-powered drug discovery, genomics, and digital pathology. Truveta launched the Truveta Genome Project with Regeneron, Illumina, and Microsoft, aiming to surpass the UK Biobank by linking genomic data with de-identified medical records, while Dexcom expanded CGM trials for type 2 diabetes and launched Stelo, its over-the-counter CGM on Amazon. Other notable updates include Waystar’s AltitudeAI for automated insurance claims, Tempus AI’s upgraded generative assistant for precision medicine, ConcertAI’s oncology-focused AI tool, and Health Catalyst’s $86M acquisition of Upfront Healthcare to enhance patient engagement and care coordination.
ICO publishes 2024 year-in-review
The UK's ICO reported 36,049 data protection complaints and 1,991 personal data breaches in 2024, issuing £1.27 million in fines. Key actions included a public consultation on generative AI.
Podcasts
iliomad's News
EUCROF Conference Copenhagen - 2025
iliomad Health Data will be attending the EUCROF Conference in the beautiful city of Copenhagen from February 2nd to February 4th. We look forward to forging new partnerships during this exciting gathering of CRO companies!