Wij willen met u aan tafel zitten en in een openhartig gesprek uitvinden welke uitdagingen en vragen er bij u spelen om zo, gezamelijk, tot een beste oplossing te komen. Oftewel, hoe kan de techniek u ondersteunen in plaats van dat u de techniek moet ondersteunen.

There’s a new COVID-19 test from healthcare technology maker Abbott that looks to be the fastest yet in terms of producing results, and that can do so on the spot right at point-of-care, without requiring a round trip to a lab. This test for the novel coronavirus causing the current global pandemic has received emergency clearance for use by the U.S. Food and Drug Administration, and will begin production next week, with output of 50,000 per day possible starting next week.

The new Abbott ID NOW COVID-19 test uses the Abbott ID NOW diagnostics platform, which is essentially a lab-in-a-box that is roughly the size of a small kitchen appliance. It’s size, and the fact that it can produce either a positive result in just five minutes, or a negative one in under 15, mean that it could be a very useful means to extend coronavirus testing beyond its current availability to more places including clinics and doctor’s offices, and cut down on wait times both in terms of getting tested and receiving a diagnosis.

Unlike the rapid tests that have been used in other countries, and that received a new type of authorization under an FDA guideline that doesn’t confirm the accuracy fo the results, this rapid testing solution uses the molecular testing method, which works with saliva and mucus samples swabbed from a patient. This means that it works by identifying a portion of the virus’ DNA in a patient, which means it’s much better at detecting the actual presence of the virus during infection, whereas other tests that search the blood for antibodies that are used in point-of-care settings can only detect antibodies, which might be present in recovered patients who don’t actively have the virus.

The good news for availability of this test is that ID NOW, the hardware from Abbott that it runs on, already “holds the largest molecular point-of-care footprint in the U.S.,” and is “widely available” across doctor’s offices, urgent care clinics, emergency rooms and other medical facilities.

In total, Abbott now says that it believes it will produce 5 million tests in April, split between these new rapid tests and the lab tests that it received emergency use authorization for by the FDA on March 18.

Testing has been one of the early problems faced by the U.S. in terms of getting a handle on the coronavirus pandemic: The country has lagged behind other nations globally in terms of per capita tests conducted, which experts say has hampered its ability to properly track and trace the spread of the virus and its resulting respiratory disease. Patients have reported having to go to extreme lengths to receive a test, and endure long waits for results, even in cases where exposure was likely and their symptoms match the COVID-19 profile.


TechCrunch

The United States Environmental Protection Agency (EPA) announced on Thursday that it is temporarily relaxing enforcement of environmental regulations and fines during the COVID-19 outbreak. The “enforcement discretion policy” applies retroactively to March 13, with no end date set yet.

“EPA is committed to protecting human health and the environment, but recognizes the challenges resulting from efforts to protect workers and the public from COVID-19 may directly impact the ability of regulated facilities to meet all federal regulatory requirements,” said EPA administrator Andrew Wheeler in the agency’s announcement.

While very broad, the EPA said the policy “addresses different categories of noncompliance differently.” For example, the EPA will not seek penalties for noncompliance with monitoring and reporting “that are the result of the COVID-19 pandemic,” but that it still expects public water systems to provide safe drinking water.

The new policy follows lobbying from industries including oil and gas, which told the Trump administration that relaxed regulations will allow them to more efficiently distribute fuel during the outbreak.

But critics say that the policy will not only result in more pollution, but also make it impossible to fully assess the environmental damage.

In a statement to the Hill, Cynthia Giles, who headed the EPA’s Office of Enforcement during the Obama administration, said the new policy “tells companies across the country that they will not face enforcement even if they emit unlawful air and water pollution in violation of environmental laws, so long as they claim that those failures are in some way ‘caused’ by the virus pandemic. And it allows them an out on monitoring too, so we may never know how bad the violating pollution was.”


TechCrunch

Companies around the world are shifting production lines and business models to address the needs of governments and healthcare agencies in their efforts to slow the spread of COVID-19. Two companies answering that call are Dyson and Gtech, both of which are working on ventilator hardware, leveraging their experience building vacuums and other motor-driven airflow gadgets to spin up new designs and get them validated and produced as quickly as possible.

Dyson, the globally-recognized appliance maker, is working with The Technology Partnership (TTP) on a brand new ventilator design called the CoVent. This design is meant to be made quickly at at high volumes, and leverages Dyson’s existing Digital Motor design, as well as the company’s air purification products, to deliver safe and consistent ventilation for COVID-19 patients, according to an internal email from founder James Dyson to Dyson employees and provided to TechCrunch.

Dyson was reacting to a request from UK Prime Minister Boris Johnson for ventilator supplies, and intends to first fulfil an order of 10,000 units o the UK Government. Its ventilator still needs to be tested and its production process approved by the government and the UK’s Medicines and Healthcare Products Regulatory Agency (the MHRA, its FDA equivalent), but Dyson says in the email that “the race is now on to get it into production.” The company notes that experts from both the UK’s national healthcare agency and the MHRA have been involved throughout its design process, which should help expedite approvals.

The CoVent meets the specifications set out by clinicians for ventilator hardware, and is both bed-mounted and portable with a battery power supply, for flexible us across a variety of settings, including during patient transportation. Because it uses a lightly modified version Dyson’s existing Digital Motor design, the company says that the fan units needed for its production are “available in very high volume.”

“I am proud of what Dyson engineers and our partners at TTP have achieved. I am eager to see this new device in production and in hospitals as soon as possible,” Dyson wrote in his email. “This is clearly a time of grave international crisis, I will therefore donate 5,000 units to the international effort, 1,000 of which will go to the United Kingdom.”

Meanwhile, Gtech, another UK home appliance and vacuum maker, has likewise done what it can to answer the government’s call for ventilator hardware. The company’s owner Nick Grey said that it received a request to build up to 30,000 ventilators in just a two-week span, which promoted them to quickly set about figuring out what went into the design of this medical hardware.

Gtech’s team developed a ventilator that can be made from parts easily made from abundant stock materials, or off-the-shelf pre-assembled parts. The company says that it can spin up production of around 100 per day within a week or two, so long as it can source steel fabrication and CNC machining suppliers.

In addition to its own production capacity, Gtech is making its ventilator designs available for free to the broader community in order to ramp production. The company says that “there’s no reason why thousands of emergency ventilators can’t be made each day” in this way, according to an interview with Grey and CTV News. Like the Dyson model, Gtech’s design will need assessment and certification from the UK government and regulators before they can be put into use.


TechCrunch

While a number of companies who currently offer at-home medical and health diagnostics had rushed to produce kits that would allow for self sample collection by people who passed a screening and believed they might have contracted the new coronavirus, the U.S. Food and Drug Administration (FDA) has updated its Emergency Use Authorization guidelines to private labs that specifically bar the use of at-home sample collection. This means startups including Everlywell, Carbon Health and Nurx will have to immediately discontinue their testing programs in light of the clarified rules.

The FDA issued the updated guidance on March 21, and though some of the companies had already begun to ship their sample collection kits to people, and even begun to receive samples back to their diagnostic laboratory partners, even any samples in-hand will not be tested, and will instead be destroyed in order to compel with the FDA’s request. Carbon Health is continuing testing at its physical clinics, and notified TechCrunch of this update on Sunday evening, and an individual who ordered the Carbon Health test and sent back their sample provided the following email explaining the decision and what happens next:

We have been working hard to provide our patients every opportunity for COVID-19 testing and treatment, including exploring different avenues for testing.

This evening, we were notified by our lab partner, Curative Inc, that the 3/21/2020 FDA update for COVID-19 testing clarified that at-home sample collection is not covered under the EUA (U.S. Food and Drug Administration’s Emergency Use Authorization). Carbon Health is discontinuing distribution of the at-home sample collection kits effective immediately.

Based on this update by the FDA, we sincerely regret to inform you that you will not get a test result. If you have already shipped your kit back, the specimen will be destroyed by Curative, Inc using standard biohazard disposal. If you have not received your kit yet, please discard it upon receipt.

Please schedule an in-clinic visit at a Carbon Health clinic near you, if possible, to be tested using our traditional specimen collection by a clinician. The turn-around time for results is about 3-5 days from time of specimen collection.

Our goal was to facilitate at home specimen collection in order to keep patients safely in their homes while also providing another avenue for patients to be tested. This is a very dynamic time and we are working tirelessly to work with new partners to expand COVID-19 testing for our communities, as soon as possible. We are truly sorry for the frustration and inconvenience this has caused.

All three of the companies we spoke to that were working to distribute these tests had partnered with labs that were approved under the FDA emergency guidelines to perform COVID-19 diagnostics, and it was the understanding of all parties that at-home self collection via swab kits was included in the authorization. All three also said they were offering their tests at-cost, and seeking ways to defray even that cost to consumers through potential healthcare agency partnerships. Each also offered telehealth consultations for both the sample-gathering process, as well as for delivery of the results.

The FDA’s goal with its emergency use authorization is to enable testing without sticking to its usual qualification process, but it must always balance accuracy and safety. It did grant emergency use approval to Cepheid’s rapid point-of-care test last Friday, as well, which should expand availability of tests on-site in locations like hospitals and emergency medical care clinics, but this updated rule means that at-home tests will not, in the near-term, be a path towards expanding testing coverage in the U.S.

Another startup, Scanwell, has developed an in-home test that includes the diagnostics, using a serological test that looks for the presence of antibodies in a person’s blood. This is still pending FDA approval, and the company is seeking that under the emergency use authorization, with an anticipated approval process time of around six to eight weeks.


TechCrunch

The U.S. Food and Drug Administration (FDA) is moving much more quickly to grant special ’emergency use authorization’ to equipment and tests that could help increase testing for the novel coronavirus in the U.S., which lags behind most countries in the world when it comes to tests conducted relative to the size of its population. One type of test just approved for use could help expand the availability of frontline testing in hospitals and at clinics where patients are receiving care – without requiring round-tripping to a dedicated diagnostics lab.

Cepheid’s COVID-19 test, which the agency approved this week, also has the advantage of being able to be run either with or without use of a nasal swab, which is key because supplies of nasal swabs are taxed globally in light of the need for testing. It’s also a molecular, PCR-based test, with high rates of accuracy just like the lab-based testing that’s already in place across facilities in the U.S., but it uses the company’s GeneXpert machine (basically a diagnostics kit the size of an inkjet printer cartdrige lab in a box roughly the size of an inkjet printer) to produce results on-site.

Cepheid says that around 23,000 of its GeneXpert micro-labs are already in use around the world, with around 5,000 of those located in the U.S. The company’s hardware has been running tests for the flu for years already, with high reliability rates. The new COVID-19 tests for the system will begin to be shipped out by the Sunnyvale-based molecular diagnostics company starting next week.

Testing in the U.S. has increased over the past week, thanks in large part to widespread efforts to expand availability especially in hard-hit regions like New York State. But the need for more tests is still pressing, as the limits of availability mean that essentially only the most severe cases, often requiring confirmed contact tracing or proof of elevated risk, are being tested. Solutions like Cepheid’s, as well as other potential alternative test methods than can be done entirely at home, like Scanwell’s forthcoming test that looks for antibodies in a person’s blood, are much-needed if we hope to truly expand testing to a degree that it can properly inform any coronavirus mitigation strategy.


TechCrunch

In a public health emergency that relies on people keeping an anti-social distance from each other to avoid spreading a highly contagious virus for which humans have no pre-existing immunity governments around the world have been quick to look to technology companies for help.

Background tracking is, after all, what many Internet giants’ ad-targeting business models rely on. While, in the US, telcos were recently exposed sharing highly granular location data for commercial ends.

Some of these privacy-hostile practices face ongoing challenges under existing data protection laws in Europe — and/or have at least attracted regulator attention in the US, which lacks a comprehensive digital privacy framework — but a pandemic is clearly an exceptional circumstance. So we’re seeing governments turn to the tech sector for help.

US president Donald Trump was reported last week to have summoned a number of tech companies to the White House to discuss how mobile location data could be used for tracking citizens.

In another development this month he announced Google was working on a nationwide coronavirus screening site — in fact it’s Verily, a different division of Alphabet. But concerns were quickly raised that the site requires users to sign in with a Google account, suggesting users’ health-related queries could be linked to other online activity the tech giant monetizes via ads. (Verily has said the data is stored separately and not linked to other Google products, although the privacy policy does allow data to be shared with third parties including Salesforce for customer service purposes.)

In the UK the government has also been reported to be in discussions with telcos about mapping mobile users’ movements during the crisis — though not at an individual level. It was reported to have held an early meeting with tech companies to ask what resources they could contribute to the fight against COVID-19.

Elsewhere in Europe, Italy — which remains the European nation worst hit by the virus — has reportedly sought anonymized data from Facebook and local telcos that aggregates users’ movement to help with contact tracing or other forms of monitoring.

While there are clear public health imperatives to ensure populations are following instructions to reduce social contact, the prospect of Western democracies making like China and actively monitoring citizens’ movements raises uneasy questions about the long term impact of such measures on civil liberties.

Plus, if governments seek to expand state surveillance powers by directly leaning on the private sector to keep tabs on citizens it risks cementing a commercial exploitation of privacy — at a time when there’s been substantial push-back over the background profiling of web users for behavioral ads.

“Unprecedented levels of surveillance, data exploitation, and misinformation are being tested across the world,” warns civil rights campaign group Privacy International, which is tracking what it dubs the “extraordinary measures” being taken during the pandemic.

A couple of examples include telcos in Israel sharing location data with state agencies for COVID-19 contact tracing and the UK government tabling emergency legislation that relaxes the rules around intercept warrants.

“Many of those measures are based on extraordinary powers, only to be used temporarily in emergencies. Others use exemptions in data protection laws to share data. Some may be effective and based on advice from epidemiologists, others will not be. But all of them must be temporary, necessary, and proportionate,” it adds. “It is essential to keep track of them. When the pandemic is over, such extraordinary measures must be put to an end and held to account.”

At the same time employers may feel under pressure to be monitoring their own staff to try to reduce COVID-19 risks right now — which raises questions about how they can contribute to a vital public health cause without overstepping any legal bounds.

We talked to two lawyers from Linklaters to get their perspective on the rules that wrap extraordinary steps such as tracking citizens’ movements and their health data, and how European and US data regulators are responding so far to the coronavirus crisis.

Bear in mind it’s a fast-moving situation — with some governments (including the UK and Israel) legislating to extend state surveillance powers during the pandemic.

The interviews below have been lighted edited for length and clarity

Europe and the UK

Dr Daniel Pauly, technology, media & telecommunications partner at Linklaters in Frankfurt 

Data protection law has not been suspended. At least when it comes to Europe. So data protection law still applies — without any restrictions. This is the baseline on which we need to work and for which we need to start. Then we need to differentiate between what the government can do and what employers can do in particular.

It’s very important to understand that when we look at governments they do have the means to allow themselves a certain use of data. Because there are opening clauses, flexibility clauses, in particular in the GDPR, when it comes to public health concerns, cross-border threats.

By using the legislation process they may introduce further powers. To give you one example what the Germany government did to respond is they created a special law — the coronavirus notification regulation — we already have in place a law governing the use of personal data in respect of certain serious infections. And what they did is they simply added the coronavirus infection to that list, which now means that hospitals and doctors must notify the competent authority of any COVID-19 infection.

This is pretty far reaching. They need to transmit names, contact details, sex, date of birth and many other details to allow the competent authority to gather that data and to analyze that data.

Another important topic in that field is the use of telecommunications data — in particular mobile phone data. Efficient use of that data might be one of the reasons why they obviously were quite successful in China with reducing the threat from the virus.

In Europe the government may not simply use mobile phone data and movement data — they have to anonymize it first and this is what, in Germany and other European jurisdictions, happened — including the UK — that anonymized mobile phone data has been handed over to organizations who start analyzing that data to get a better view of how the people behave, how the people move and what they need to do in order to restrict further movement. Or to restrict public life. This is the view on the government at least in Europe and the UK.

Transparency obligations [related to government use of personal data] are stemming from the GDPR [General Data Protection Regulation]. When they would like to make use of mobile phone data this is the ePrivacy directive. This is not as transparent as the GDPR is and they did not succeed in replacing that piece of legislation by new regulation. So the ePrivacy directive gives again the various Member States, including the UK, the possibility to introduce further and more restrictive laws [for public health reasons].

[If Internet companies such as Google were to be asked by European governments to pass data on users for a coronavirus tracking purpose] it has to be taken into consideration that they have not included this in their records of processing activities — in their data protection notifications and information.

So it would be at least from a pure legal perspective it would be a huge step — and I’m wondering whether it would be feasible without the governments introducing special laws for that.

If [EU] governments would make use of private companies to provide them with data which has not been collected for such purposes — so that would be a huge step from the perspective of the GDPR at least. I’m not aware of something like this. I’ve certainly read there are discussions ongoing with Netflix to reduce the net traffic but I haven’t heard anything about making use of the data Google has.

I wouldn’t expect it in Europe — and particularly in Germany. Tracking people, tracking and monitoring what they are doing this is almost last resort — so I wouldn’t expect that in the next couple of weeks. And I hope then it’s over.

[So far], from my perspective, the European regulators have responded [to the coronavirus crisis] in a pretty reasonable manner by saying that, in particular, any response to the virus must be proportionate.

We still have that law in place and we need to consider that the data we’re talking about is health data — it’s the most protected data of all. Having said that there are some ways at least the GDPR is allowing the government and allowing employers to make use of that data. In particular when it comes to processing for substantial public interest. Or if it’s required for the purposes of preventive medicine or necessary for reasons of public interest.

So the legislator was wise enough to include clauses allowing the use of such data under certain circumstances and there are a number of supervisory authorities who already made public guidelines how to make use of these statutory permissions. And what they basically said was it always needs to be figured out on a case by case basis whether the data is really required in the specific case.

To give you an example, it was made clear that an employer may not ask an employee where he has been during his vacation — but he may ask have you been in any of the risk areas? And then the sufficient answer is yes or no. They do not need any further data. So it’s always [about approaching this] a smart way — by being smart you get the information you need; it’s not the flood gate suddenly opened.

You really need to look at the specific case and see how to get the data you need. Usually it’s a yes or no which is sufficient in the particular case.

The US

Caitlin Potratz Metcalf, senior U.S. associate at Linklaters and a Certified Information Privacy Professional (CIPP/US)

Even though you don’t have a structured privacy framework in the US — or one specific regulator that covers privacy — you’ve got some of the same issues. The FCC [Federal Communications Commission] will go after companies that take any action that is inconsistent with their privacy policies. And that would be misleading to consumers. Their initial focus is on consumer protection, not privacy, but in the last couple of years they’ve been wearing two hats. So there is a focus on privacy even though we don’t have a national privacy law [equivalent in scope to the EU’s GDPR] but it’s coming from a consumer protection point of view.

So, for example, the FCC back in February actually announced potential sanctions against four major telecoms companies int he US with respect to sharing data related to cell phone tracking — it wasn’t the geolocation in an app but actually pinging off cell towers — and sharing that data to third parties without proper safeguards. Because that wasn’t disclosed in their privacy policies.

They haven’t actually issued those fines but it was announced that they may pursue a $ 208M fine total against these four companies: AT&T, Verizon*, T-Mobile, Sprint… So they do take it very seriously about how that data is safeguarded, how it’s being shared. And the fact that we have a state of emergency doesn’t change that emphasis on consumer protection.

You’ll see the same is true for the Department of Health and Human Services (HHS) — that’s responsible for any medical or health data.

That is really limited towards entities that are covered entities under HIPAA [Health Insurance Portability and Accountability Act] or their business associates. So it doesn’t apply to everybody across the board. But if you are a hospital health plan provider, whether you’re an employer and you have a group health plan, an insurer, or a business associate supporting one of those covered entities then you have to comply with HIPAA to the extent you’re handling protected health information. And that’s a bit narrower than the definition of personal data that you’d have under GDPR.

So you’re really looking at identifying information for that patient: Their medical status, their birth date, address, things like that that might be very identifiable and related to the person. But you could share things that are more general. For example you have a middle aged man from this county who’s tested positive for COVID and is at XYZ facility being treated and his condition is stable. Or his condition is critical. So you could share that kind of level of detail — but not further.

And so HHS in February had issued a bullet stressing that you can’t set aside the privacy and security safeguards under HIPAA during an emergency. They stressed to all covered entities that you have to still comply with the law — sanctions are still in place. And to the extent that you do have to disclose some of the protected health information it has to be to the minimum extent necessary. And that can be disclosed either to other hospitals, to a regulator in order to help stem the spread of COVID and also in order to provide treatment to a patient. So they listed a couple of different exceptions how you can share that information but really stressing the minimum necessary.

The same would be true for an employer — like of a group health plan — if they’re trying to share information about employees but it’s going to be very narrow in what they can actually share. And they can’t just cite as an exception that it’s for the public health interest.. You don’t necessarily have to disclose what country they’ve been to it’s just have they been to a region that’s on a restricted list for travel. So it’s finding creative ways to relay the necessary information you need and if there’s anything less intrusive you’re required to go that route.

That said, just last week HHS also issued another bullet saying that they would waive HIPAA sanctions and penalties during the nationwide public health emergency. But it was only directed to hospitals — so it doesn’t apply to all covered entities.

They also issued another bulletin saying that they would lax restrictions on basically sharing data on using electronic means. So there’s very heightened restrictions on how you can share data electronically when it relates to medical and health information. And so this was allowing doctors to communicate by FaceTime or video chat and other methods that may not be encrypted or secure. Or communicate with patients etc. So they’re giving a waiver or just softening some of the restrictions related to transferring health data electronically.

So you can see it’s an evolving situation but they’ve still taken a very reserved and kind of conservative approach — really emphasizing that you do need to comply with your obligation to protect health data. So that’s where you see the strongest implementations. And then the FCC coming at it from a consumer protection point of view.

Going back to the point you made earlier about Google sharing data [with governments] — you could get there, it just depends on how their privacy policies are structured.

In terms of tracking individuals we don’t have a national statute like GDPR that would prevent that but it would also be very difficult to anonymize that data because it’s so tied to individuals — it’s like your DNA; you can map a person leaving home, going to work or school, going to a doctor’s office, coming back home — and it really does have very sensitive information and because of all the specific data points it means it’s very difficult to anonymize it and provide it in a format that wouldn’t violate someone’s privacy without their consent. And so while you may not need full consent in the US you would still need to have notice and transparency about the policies.

Then it would be slightly different if you’re a California resident — the degree that you need under the new California law [CCPA] to provide disclosures and give individuals the opportunity to opt out if you were to share their information. So in that case, where the telecoms companies are potentially going to be sued by the FCC for sharing data with third parties, that in particular would also violate the new California law if consumers weren’t given the opportunity to opt out of having their information sold.

So there’s a lot of different puzzle pieces that fit together since we have a patchwork quilt of data protection — depending on the different state and federal laws.

The government, I guess, could issue other mandates or regulations [to requisition telco tracking data for a COVID-related public health purpose] — I don’t know that they will. I would envisage more of a call to arms requesting support and assistance from the private sector. Not a mandate that you must share your data, given the way our government is structured. Unless things get incredibly dire I don’t really see a mandate to companies that they have to share certain data in order to be able to track patients.

[If Google makes use of health-related searches/queries to enrich user profiles it uses for commercial purposes] that in and of itself wouldn’t be protected health information.

Google is not a [HIPAA] covered entity. And depending on what type of support it’s providing for covered entities it may be in limited circumstances could be considered a business associate that could be subject to HIPAA but in the context of just collecting data on consumers it wouldn’t be governed by that.

So as long as it’s not doing anything outside the scope of what’s already in its privacy policies then it’s fine — so the fact that it’s collecting data based on searches that you run on Google that should be in the privacy policy anyway. It doesn’t need to be specific to the type of search that you’re running. So the fact that it’s looking up how to get COVID testing or treatment or what are the symptoms for COVID, things like that, that can all be tied to the data [it holds on users] and enriched. And that can also be shared and sold to third parties — unless you’re a California resident. They have a separate privacy policy for California residents… They just have to consistent with their privacy policy.

The interesting thing to me is maybe the approach that Asia has taken — where they have a lot more influence over the commercial sector and data tracking–  and so you actually have the regulator stepping in and doing more tracking, not just private companies. But private companies are able to provide tracking information.

You see it actually with Uber. They’ve issued additional privacy notices to consumers — saying that to the extent we become aware of a passenger that has had COVID or a driver, we will notify people who have come into contact with that Uber over a given time period. They’re trying to take the initiative to do their own tracking to protect workers and consumers.

And they can do that — they just have to be careful about how much detail they share about personal information. Not naming names of who was impacted [but rather saying something like] ‘in the last 24 hours you may have ridden in an Uber that was impacted or known to have an infected individual in the Uber’.

[When it comes to telehealth platforms and privacy protections] it depends if they’re considered a business associate of a covered entity. So they may not be a covered entity themselves but if they are a business associate supporting a covered entity — for example a hospital or a clinic or insurers sharing that data and relying on a telehealth platform. In that context they would be governed by some of the same privacy and security regulations under HIPAA.

Some of them are slightly different for a business associate compared to a covered entity but generally you step in the shoes of the covered entity if you’re handling the covered entity’s data and have the same restrictions apply to you.

Aggregate data wouldn’t be considered protected health information — so they could [for example] share a symptom heat map that doesn’t identify specific individuals or patients and their health data.

[But] standalone telehealth apps that are collecting data directly from the consumer are not covered by HIPAA.

That’s actually a big loophole in terms of consumer protection, privacy protections related to health data. You have the same issue for all the health fitness apps — whether it’s your fitbit or other health apps or if you’re pregnant and you have an app that tracks your maternity or your period or things like that. Any of that data that’s collected is not protected.

The only protections you have are whatever disclosures are in the privacy policies. And in them having to be transparent and act within that privacy policy. If they don’t they can face an enforcement action by the FCC but that is not regulated by the Department of Health and Human Services under HIPAA.

So it’s a very different approach than under GDPR which is much more comprehensive.

That’s not to say in the future we might see a tightening of restrictions on that but individuals are freely giving that information — and in theory should read the privacy policy that’s provided when you log into the app. But most users probably don’t read that and then that data can be shared with other third parties.

They could share it with a regulator, they could sell it to other third parties so long as they have the proper disclosure that they may sell your personal information or share it with third parties. It depends on how they’re privacy policy is crafted. So long as it covers those specific actions. And for California residents it’s a more specific test — there are more disclosures that are required.

For example the type of data that you’re collecting, the purpose that you’re collecting it for, how you intend to process that data, who you intend to share it with and why. So it’s tightened for California residents but for the rest of the US you just have to be consistent with your privacy policy and you aren’t required to have the same level of disclosures.

More sophisticated, larger companies, though, definitely are already complying with GDPR — or endeavouring to comply with the California law — and so they have more sophisticated, detailed privacy notices than are maybe required by law in the US. But they’re kind of operating on a global platform and trying to have a global privacy policy.

*Disclosure: Verizon is TechCrunch’s parent company


TechCrunch

Israel has passed an emergency law to use mobile phone data for tracking people infected with COVID-19 including to identify and quarantine others they have come into contact with and may have infected.

The BBC reports that the emergency law was passed during an overnight sitting of the cabinet, bypassing parliamentary approval.

Israel also said it will step up testing substantially as part of its respond to the pandemic crisis.

In a statement posted to Facebook, prime minister Benjamin Netanyahu wrote: “We will dramatically increase the ability to locate and quarantine those who have been infected. Today, we started using digital technology to locate people who have been in contact with those stricken by the Corona. We will inform these people that they must go into quarantine for 14 days. These are expected to be large – even very large – numbers and we will announce this in the coming days. Going into quarantine will not be a recommendation but a requirement and we will enforce it without compromise. This is a critical step in slowing the spread of the epidemic.”

“I have instructed the Health Ministry to significantly increase the number of tests to 3,000 a day at least,” he added. “It is very likely that we will reach a higher figure, even up to 5,000 a day. To the best of my knowledge, relative to population, this is the highest number of tests in the world, even higher than South Korea. In South Korea, there are around 15,000 tests a day for a population five or six times larger than ours.”

On Monday an Israeli parliamentary subcommittee on intelligence and secret services discussed a government request to authorize Israel’s Shin Bet security service to assist in a national campaign to stop the spread of the novel coronavirus — but declined to vote on the request, arguing more time is needed to assess it.

Civil liberties campaigners have warned the move to monitor citizens’ movements sets a dangerous precedent.

According to WHO data, Israel had 200 confirmed cases of the coronavirus as of yesterday morning. Today the country’s health ministry reported cases had risen to 427.

Details of exactly how the tracking will work have not been released — but, per the BBC, the location data of people’s mobile devices will be collected from telcos by Israel’s domestic security agency and shared with health officials.

It also reports the health ministry will be involved in monitoring the location of infected people to ensure they are complying with quarantine rules — saying it can also send text messages to people who have come into contact with someone with COVID-19 to instruct them to self isolate.

In recent days Netanyahu has expressed frustration that Israel citizens have not been paying enough mind to calls to combat the spread of the virus via voluntary social distancing.

“This is not child’s play. This is not a vacation. This is a matter of life and death,” he wrote on Facebook. “There are many among you who still do not understand the magnitude of the danger. I see the crowds on the beaches, people having fun. They think this is a vacation.”

“According to the instructions that we issued yesterday, I ask you not leave your homes and stay inside as much as possible. At the moment, I say this as a recommendation. It is still not a directive but that can change,” he added.

Since the Israeli government’s intent behind the emergency mobile tracking powers is to combat the spread of COVID-19 by enabling state agencies to identify people whose movements need to be restricted to avoid them passing the virus to others, it seems likely law enforcement agencies will also be involved in enacting the measures.

That will mean citizens’ smartphones being not just a tool of mass surveillance but also a conduit for targeted containment — raising questions about the impact such intrusive measures might have on people’s willingness to carry mobile devices everywhere they go, even during a pandemic.

Yesterday the Wall Street Journal reported that the US government is considering similar location-tracking technology measures in a bid to check the spread of COVID-19 — with discussions ongoing between tech giants, startups and White House officials on measures that could be taken to monitor the disease.

Last week the UK government also held a meeting with tech companies to ask for their help in combating the coronavirus. Per Wired some tech firms offered to share data with the state to help with contact tracing — although, at the time, the government was not pursuing a strategy of mass restrictions on public movement. It has since shifted position.


TechCrunch

Created by R the Company. Powered by SiteMuze.