|THIS ISSUE'S HEADLINES
Informed Consent and “Connected” Medical Devices in the Digital Age
The Real Risk of GDPR Non-Compliance
Negligence Claims: Expect to go to Trial
RSVP Requested: “Preventing Sexual Harassment in Your Organization” Seminar
INFORMED CONSENT AND “CONNECTED” MEDICAL DEVICES IN THE DIGITAL AGE
Individuals are becoming more comfortable using devices and appliances that are connected to the internet or store vast amounts of their personal data. From Fitbits to “smart” thermostats to smartphones, people knowingly and unknowingly allow these devices to store and share data. In many ways, as the recent Facebook controversy shows, a person’s data can be sold to the highest bidder without their knowledge or consent, or they can willingly choose to trade data and privacy for convenience, coupons, or to play Candy Crush.
Medical devices are no exception. Wearable and connected medical devices such as pacemakers, defibrillators, glucometers, blood pressure meters and scales are part of the new connected world of devices called the “internet of things.” Many medical devices can connect to your phone via an app and share their data with either your doctor’s office or the device manufacturer to monitor your health condition or send an alert if trouble is sensed. Without a doubt, this gathering and sharing of data has many obvious upsides. But this arrangement is not without risk.
In an article published in Providence Business News, PLDO Partner Brian J. Lamoureux describes the challenge doctors and patients face with connected devices and whether they have enough information and expertise to ensure patients can truly give “informed consent” – the principle that means doctors must adequately explain the risks, benefits and side effects of a course of treatment. In the article, Attorney Lamoureux raises important questions and offers his insight into a patient’s freedom of choice to select or decline a treatment when connected wearable or implantable devices are part their health care plan. To read the article, click Cybersecurity and medical devices - informed consent in digital age. For further information about cyber law and cybersecurity issues in your organization, please contact Attorney Lamoureux at 401-824-5100 or email email@example.com.
[back to top]
THE REAL RISK OF GDPR NON-COMPLIANCE
American businesses, as a whole, are far behind their European counterparts in the extent of their compliance with GDPR, the European Union’s General Data Protection Regulation. One of the most common reasons for this is also one of the most natural: it simply flies in the face of many Americans that their domestic activities might be governed by a European regulation. When GDPR’s May 26, 2018 implementation date was first established, many American businesses questioned whether it would even be enforceable on this side of the Atlantic. However, that impression has changed, yet there is still confusion about the regulation, including its two foundational questions: what does GDPR protect, and to whom does GDPR apply.
As to the former, GDPR protects “personal data:” data that, alone or in combination with other data, could be used to identify an individual. As to the latter foundational question, GDPR applies to “data subjects” “in the [European] Union,” “whatever their nationality or residence.” This means that GDPR isn’t limited to European citizens or European residents, as is often erroneously stated. For example, if a person is in the European Union when their data is collected, that data is protected by GDPR whether they are citizens of an EU country, a tourist, a visiting student, etc.
What does this mean exactly? It means that internet-based businesses that sell goods or services more than infrequently to European-based customers are subject to GDPR. It means that data collected by an American university on a student while she studies at the Prado in Madrid for a semester is subject to GDPR. And, it means that American hospitals that obtain data from patients or potential patients in Europe are subject to GDPR, including the internet “cookies” related to those potential European patients that the hospital’s website collects.
With the effective date for implementation around the corner and potential fines for non-compliance reaching into the millions, PLDO Attorney Joel K. Goloskie has published a comprehensive advisory with details of the regulation and its “private right of action” provision, which gives covered individuals the right to sue for “material and non-material damages.” To access the advisory, click The Real Risk of GDPR Non-Compliance. For more information about your organization’s preparation and compliance strategy for GDPR, please contact Attorney Goloskie at 401-824-5100 or email firstname.lastname@example.org.
[back to top]
NEGLIGENCE CLAIMS: EXPECT TO GO TO TRIAL
In a recent Rhode Island Supreme Court decision, the long-standing order that negligence claims are not appropriately resolved by summary judgment motions was once again re-emphasized by the Court. In fact, the Court has recently overturned several decisions of the Superior Court where summary judgment was granted on negligence claims.
In the case of Ian Delong v. Rhode Island Sports Center, Inc., a college hockey player, along with several of his teammates, became ill after playing a hockey game at the defendant’s arena. The plaintiff later sued the arena, arguing that it permitted noxious gas to accumulate, which caused plaintiff to inhale said fumes and become ill. The arena moved for and was granted summary judgment. Among the reasons that the case was dismissed by the Superior Court against the arena was that: (1) plaintiff admitted that he did not see or smell any fumes at the arena; (2) plaintiff assumed but was not positive that he became ill because of the fumes; and (3) there was no evidence that the arena was aware of the fumes accumulating. The plaintiff appealed the decision to the Supreme Court. On appeal, the Court had no trouble finding disputed questions of fact as to all grounds upon which the Superior Court relied. The Supreme Court cited to contradicting affidavits, medical records, and subsequent remedial measures taken by the arena.
While the facts of the Delong case are unique, what is not unique is the reasoning of the Supreme Court in overturning the decision of the Superior Court. Negligence claims, according to the Supreme Court, are not amenable to disposition by summary judgment. It is the rare case that a negligence claim can be decided without going to a jury for trial. This is because negligence claims are fact intensive matters, and questions of fact must be resolved at trial. Accordingly, when defending against negligence claims it is important to understand that judicial resolution short of trial is unlikely, and consider alternative options, such as the Court Annexed Arbitration process or mediation when such is a viable alternative. For more information on this issue or other business matters, please contact Attorney Patrick J. McBurney at 401-824-5100 or email email@example.com.
[back to top]
REGISTER TO ATTEND A SEMINAR ON PREVENTING SEXUAL HARASSMENT IN YOUR BUSINESS
RSVP is required to attend a seminar about how to better address, prevent and manage workplace sexual harassment in your organization, scheduled for Wednesday, May 23, 2018 from 8:30 a.m. to 10 a.m. at the Crowne Plaza Grand Ballroom in Warwick, RI. Sexual Harassment: Learn What You Should Know for Your Business in the #MeToo Era is co-sponsored by PLDO and Starkweather & Shepley Insurance Brokerage Inc. Business owners, nonprofit executives and HR managers are encouraged to attend. Space is limited, and registration is required. Sign-in begins at 8 a.m. and a complimentary breakfast will be served. For more information and to register, click seminar registration.
[back to top]