Spotlight Podcast: Beyond HIPAA – a Conversation with Nemours CPO Kevin Haynes




The Security Ledger Podcasts show

Summary: In this Spotlight edition of The Security Ledger Podcast, sponsored by RSA Security<a href="#sponsor">*</a>, the Chief Privacy Officer at Nemours Healthcare, Kevin Haynes, joins us to talk about the fast-evolving privacy demands on healthcare firms and how the Chief Privacy Officer role is evolving to address new privacy and security threats.

In just a couple of weeks, the <a href="https://www.caprivacy.org/">California Consumer Privacy Act</a> – or CCPA – will take effect. Considered the most comprehensive data privacy law in the country, the CCPA could become <a href="https://www.americanbar.org/groups/science_technology/publications/scitech_lawyer/2019/spring/are-eu-gdpr-and-california-ccpa-becoming-de-facto-global-standards-data-privacy-and-protection/">a de facto federal standard</a> akin to the EU’s GDPR, at least in the absence of a matching federal law.

The law, enforcement of which begins in July, 2020, will be a wake-up call to many industries that have made a business of collecting, mining and even re-selling their customers’ data. One industry that is unlikely to be fazed by the new requirements, however, is healthcare. That’s because a comprehensive <a href="https://www.americanbar.org/groups/science_technology/publications/scitech_lawyer/2019/spring/are-eu-gdpr-and-california-ccpa-becoming-de-facto-global-standards-data-privacy-and-protection/">patient data privacy law, HIPAA</a>, has governed that industry for more than two decades.

Healthcare Industry beset by Changes

Kevin Haynes is the Chief Privacy Officer at Nemours Healthcare.

But the existence of a strong federal data protection law for patient health information doesn’t leave the healthcare industry immune from controversies, risks or questions about the extent of privacy protections. That’s especially true as a new generation of connected medical devices works its way into clinical settings, <a href="https://securityledger.com/2019/05/microsoft-bluekeep-flaw-threatens-medical-devices-iot/">exposing them to cyber and operational risks in new ways</a>. And, as data-hungry firms like Google look to expand their reach into the massive healthcare industry, healthcare firms need to balance their interest in new treatments and better customer service against the privacy rights and concerns of their members. Concerns about data privacy and the abuse of medical information, for example, have <a href="https://www.nature.com/articles/d41586-019-03574-5">dogged initiatives like Google’s Project Nightingale</a> since its inception.

The Role of Healthcare CPO: Beyond HIPAA

To learn more about the unique challenges facing healthcare organizations, we invited <a href="https://www.linkedin.com/in/khayneswww/">Kevin Haynes, the Chief Privacy Officer</a> of the <a href="https://www.nemours.org/about.html">Nemours Foundation</a> – a pediatric health provider in six states and the District of Columbia – to talk about how the role of Chief Privacy Officer is changing and adapting to the challenges and threats facing healthcare organizations.

Haynes says that – despite laws like HIPAA and even CCPA – privacy protecti...