The Federal Trade Commission, the Department of Justice’s (DOJ) Antitrust Division, and the U.S. Department of Health and Human Services (HHS) are extending the deadline by 30 days for the public to comment on a tri-agency Request for Information (RFI) examining private-equity and other corporations’ increasing control over health care markets. The new deadline is now June 5, 2024.

At Lanton Law not only do we understand the issues, but we provide you with timely solutions to help you make informed decisions about either an acquisition target or ways to maximize value. We counsel clients by performing corporate due diligence, provide strategic advice for growth and business strategies as well as structuring and executing M&A transactions.

Contact us today to learn more

The U.S. Senate Finance Committee held a February 8, 2024 hearing titled “Artificial Intelligence and Health Care: Promise and Pitfalls.”

The following witnesses testified at the hearing:

• Peter Shen, Head of Digital & Automation for North America, Siemens Healthineers, Washington, DC

• Mark Sendak, MD, MPP, Co-Lead, Health AI Partnership, Durham, NC

• Michelle M. Mello, JD, Ph.D., Professor of Health Policy and of Law, Stanford University, Stanford, CA

• Ziad Obermeyer, MD, Associate Professor and Blue Cross of California Distinguished Professor, University of California – Berkeley, Berkeley, CA

• Katherine Baicker, Ph.D., Provost, University of Chicago, Chicago, IL

Senator Wyden (D-OR) made a few statements on AI. The Senator emphasized the importance of ensuring that AI in healthcare is used to improve patient outcomes and lower costs, rather than being driven by profit.. He also highlighted the need to address concerns regarding privacy, data security, and bias in AI algorithms.

Artificial Intelligence is clearly an emerging innovative field that is both exciting and risky. For tech and healthcare stakeholders, the possibilities can be endless when examining potential legal and regulatory pitfalls.

Lanton Law is a national boutique law and government affairs firm that closely monitors legislative, regulatory and legal developments in the healthcare and technology spaces. Contact us to learn about how either our legal or lobbying services can help you attain your goals.

The U.S. House has passed the bipartisan Chips and Science Act of 2022. The bill can be viewed here. The bill aims to strengthen U.S. competitiveness with China by providing more than $52 billion for U.S. companies producing computer chips, as well as billions more in tax credits to encourage investment in chip manufacturing. It also provides tens of billions of dollars to fund scientific research, and to spur the innovation and development of other U.S. technologies.

This legislation will provide several opportunities for both technology companies and technology stakeholders to expand and thrive. 

Lanton Law is a national boutique law and lobbying firm that focuses on technology and healthcare. If you are a tech or healthIT industry stakeholder with questions about the current landscape or if you would like to discuss how your organization’s strategic initiatives might be impacted by either Congress, regulatory agencies or legal decisions, contact us today.

The Federal Trade Commission (FTC) last month issued the FTC Report to Congress on Privacy and Security. 

What’s in the Report? 

According to the agency “This report responds to the Joint Explanatory Statement accompanying the Consolidated Appropriations Act, 2021, P.L. 116-260, directing the Federal Trade Commission (“Commission” or “FTC”) to “conduct a comprehensive internal assessment measuring the agency’s current efforts related to data privacy and security while separately identifying all resource-based needs of the FTC to improve in these areas. The agreement also urges the FTC to provide a report describing the assessment’s findings to the Committees [on Appropriations of the House and Senate] within 180 days of enactment of this Act.”

Additionally, “The report first provides an overview of the FTC’s authority related to privacy and security, highlighting certain recent efforts in those areas. Second, it discusses priorities for improving the effectiveness of our efforts to protect Americans’ privacy. Third, it identifies areas in which we could use additional resources to further ensure Americans’ privacy is protected. Finally, it discusses the need for Congressional action on the FTC’s authority.”

Lanton Law is a national boutique regulatory law and lobbying firm that focuses on healthcare/life science and technology. We continue to monitor the policy and legal developments around the FTC.

If you are an industry stakeholder with questions about the current landscape or if you would like to discuss how your organization’s strategic initiatives might be impacted by either Congress, regulatory agencies or legal decisions, contact us today.

The President’s request for fiscal year 2022 discretionary funding has been released. Below are a few mentions for cybersecurity:  

• To support agencies as they modernize, strengthen, and secure antiquated information systems and bolster Federal cybersecurity the discretionary equest recommends $500 million for the Technology Modernization Fund, an additional $110 million for the Cybersecurity and Infrastructure Security Agency, and $750 million as a reserve for Federal agency information technology enhancements.  

With increased hacking and ransomware attacks, cybersecurity is going to be more front and center for both policy and legal discussions. For example in this request by the Administration, the attack on SolarWinds Corp. and Microsoft Exchange’s email servers were expressly mentioned. For stakeholders that traffic in data, cybersecurity policies are essential. Ensuring compliance with federal and state requirements are key and we can help. 

Lanton Law is a national boutique law and lobbying firm that focuses on technology and healthcare. If you are an industry stakeholder with questions about the current landscape or if you would like to discuss how your organization’s strategic initiatives might be impacted by either Congress, regulatory agencies or legal decisions, contact us today. 

Congresswoman DelBene (D-WA) and Congressman Katko (R-NY) have introduced the Internet of Things (IoT) Readiness Act of 2021. The bill proposes to direct the Federal Communications Commission to collect and maintain data on the growth in the use of Internet of Things devices and devices that use 5G mobile networks in order to determine the amount of electromagnetic spectrum required to meet the demand created by such use, and for other purposes. The proposed legislation can be viewed here. Both legislators are the co-chairs of the Internet of Things Caucus. 

COVID-19 has directly resulted in ramping up our technology needs. We foresee policymakers placing more emphasis on infrastructure, especially around communications and technology so that our country can remain competitive. 

Lanton Law is a national boutique law and lobbying firm that focuses on technology and Health IT. If you are an industry stakeholder with questions about the current landscape or if you would like to discuss how your organization’s strategic initiatives might be impacted by either Congress, regulatory agencies or legal decisions, contact us today. 

As organizational needs evolve right now, businesses are looking for innovative ways to become efficient and manage risks. 

For years our team at Lanton Law have been helping businesses around the country remotely with a variety of transactional needs. 

Legal services include but not limited to:

• Contract drafting, review and negotiation

• Due diligence in transactional matters

• Change of ownership

• Corporate governance matters

• Employment matters

• Privacy and data security 

• Leases

• Business strategy and growth objectives

• Day to day operational matters

• Litigation readiness and response

• Pre-litigation dispute resolutions such as arbitration and mediation

• Regulatory compliance 

• Acquisition due diligence/transfer of ownership

• Payor network access   

Additionally, our government affairs services include:

• Federal and state lobbying

• Strategic consulting

• Bill composition/bill check service

• Submitting regulatory comments

• Regulatory monitoring

U.S. Senator Kirsten Gillibrand (D-NY) has announced the creation of new legislation titled the Data Protection Act. According to the Senator’s press release, the bill would create “the Data Protection Agency (DPA), an independent federal agency that would protect Americans’ data, safeguard their privacy, and ensure data practices are fair and transparent. 

The DPA will have the authority and resources to effectively enforce data protection rules—created either by itself or congress—and would be equipped with a broad range of enforcement tools, including civil penalties, injunctive relief, and equitable remedies. The DPA would promote data protection and privacy innovation across public and private sectors, developing and providing resources such as Privacy Enhancing Technologies (PETs) that minimize or even eliminate the collection of personal data. The U.S. is one of the only democracies, and the only member of the Organization for Economic Co-operation and Development (OECD), without a federal data protection agency.”

The proposed bill will have three core missions:

• Give Americans control and protection over their own data by creating and enforcing data protection rules

• Maintain the most innovative, successful tech sector in the world by ensuring fair competition within the digital marketplace

• Prepare the American government for the digital age

Governmental oversight into data is showing no signs of slowing down. Gone are the days where you don’t have to worry about regulations in order to operate. If you are a healthcare, technology and financial services stakeholder, data privacy will be the most important issue to overcome within the next 10-20 years. Ensuring against breaches of personally identifiable information (PII), protected health information (PHI), personally identifiable financial information (PIFI), and other sensitive data will be key to compliance, trust and market competitiveness. Contact Lanton Law so that our experts can use their advocacy and legal services to help you prepare and succeed in a more interconnected world.   

Earlier this month, we released a blog post titled Tech Companies and the Uncertain Future of §230. In it we focused on what Section 230 of the Communications Decency Act is and how the tech community would be impacted by changes currently being debated by both sides of the political aisle in Congress. 

Interestingly, the Department of Justice (DOJ) has announced that it will hold a public workshop in Washington, D.C. on Feb. 19, 2020, titled “Section 230 – Nurturing Innovation or Fostering Unaccountability?” According to the DOJ the workshop will discuss the law, its expansive interpretation by the courts, its impact on the American people and business community, and whether improvements to the law should be made. 

Additionally, the Department stated “Following the public workshop, the Justice Department will invite stakeholders with diverse perspectives for private listening sessions and roundtables to seek additional input and discuss the problems, benefits, and potential improvements to Section 230.  The department will publish readouts on the various perspectives and debate from those meetings.”

Congressional officials have been increasing their desire to modify this law. Democrats have complained that the law allows tech companies to be lax in patrolling misinformation or violent extreme content while Republicans have advocated that the law prevents them from imposing actions against tech companies for removing conservative political content.  

As we continue to become an increasingly connected world, being able to digitally share content with each other is not likely to slow down anytime soon. However; the market and our intentions in sharing data have changed significantly since when section 230 was enacted in 1996. While major tech titans like Facebook, Twitter, Alphabet are at the center of this debate, we foresee that other tech stakeholders should take note of these developments and plan accordingly. We don’t believe that this debate will slow down at all so making adaption to section 230 is key. Contact Lanton Law for more details.      

The Illinois Biometric Information Privacy Act enacted in 2008 was an important first step in developing policy on biometrics. According to the law, a private entity possessing biometric information accessible to the public must have a retention schedule and policy for permanently destroying biometric information. Additionally, there are restrictions on how a private entity may collect, capture, purchase, receive through trade, or otherwise obtain a person's or a customer's biometric identifier or biometric information. Most importantly, this law requires obtaining written consent prior to collecting biometric information as the law provides a private right of action for anyone injured under the Act. 

Interestingly, the case of Patel v. Facebook is an illustration of how this law applies to our growing dependence on technology. The question in Patel, is whether the collection of an individual's biometric data in violation of the Illinois Biometric Information Privacy Act is sufficient to establish Article III standing. According to the complaint, plaintiffs’ allege that Facebook subjected them to facial-recognition technology without complying with an Illinois statute intended to safeguard their privacy. Since the plaintiff did not allege substantive harm, the defendant moved to dismiss the case on Article III standing grounds. However; the Ninth Circuit stated that “Because a violation of the Illinois statute injures an individual’s concrete right to privacy, we reject Facebook’s claim that the plaintiff have failed to allege a concrete injury-in-fact for purposes of Article III standing.”

This case is in contrast to Santana v. Take-Two Interactive Software, Inc. who in 2017 interesting had the same Illinois law at issue. In this case plaintiff purchased NBA 2K15 and used the MyPlayer feature that allowed the creation of MyPlayer avatars. However; the Illinois Biometric Information Privacy Act’s private right of action allowed for plaintiff to allege that defendant “(1) collected their biometric data without their informed consent; (2) disseminated their biometric data to others during game play without their informed consent; (3) failed to inform them in writing of the specific purpose and length of term for which their biometric data would be stored; (4) failed to make publicly available a retention schedule and guidelines for permanently destroying plaintiffs’ biometric data; and (5) failed to store, transmit, or protect from disclosure plaintiffs’ biometric data by using a reasonable standard of care or in a manner that is at least as protective as the manner in which it stores, transmits, and protects other confidential and sensitive information.”

The Second Circuit in contrast to Patel, found that the plaintiff lacked standing for this claim because they did not allege that this deficient notice created any material risk that would have “resulted in plaintiffs’ biometric data being used or disclosed without their consent.”

So what happens now? First Santana is a summary order which means that this is not binding precedent on the Second Circuit. The Patel court attempted to distinguish itself from Santana by saying that in Patel unlike Santana, the plaintiff did not know that their biometric information was being collected. It seems like the U.S. Supreme Court may be the appropriate forum to settle this split decision by the Court of Appeals. This is especially true as Congress has not yet passed a federal biometric law that could put all questions to rest. Needless to say that as technology companies look for innovative ways to deliver advanced customer experiences, these stakeholders may want to forecast how their new products may be impacted by enacted laws like biometrics. Contact Lanton Law for additional information.  

Recently, we have learned of Amazon’s new hand scanning idea to revolutionize consumer interactions via fintech. The idea would involve creating a payment system that would biometrically scan a user’s hand to transfer payment from the user to Amazon, instead of via a credit card, phone application or cash. New point of sale terminals equipped with this technology would be placed in brick and mortar stores so that customers can “travel lighter” by not having to worry about carrying physical payment forms. There are early indications that Visa will be working with Amazon on this idea, along with potentially Mastercard, J.P. Morgan, Wells Fargo and others. While this theoretically sounds like a logical fit for where technology and banking or “fintech” is moving, are there laws in place that govern biometrics? 

Surprisingly, there is not a lot of established law on the issue of biometrics. We first started hearing about biometrics in 2014 with a Congressional bill titled the “Biometric Information Privacy Act,” also known as H.R. 4381. Sponsored by Representative Stockman (R-TX), the bill called for penalties to a business entity, governmental entity or person who knowingly (1) fraudulently obtains personal physiological biometric information relating to an individual; or (2) discloses personal physiological biometric information without permission from the individuals to which the personal physiological biometric information pertains. That bill did not get much traction. 

Congressional members have recently taken a cautious tone when dealing with Amazon’s cutting edge technology. For example, in late 2018 Rep. Jimmy Gomez (D-CA) joined by Senator Edward Markey (D-MA), Reps. Luis Gutiérrez (D-IL), John Lewis (D-GA), Judy Chu (D-CA), Ro Khanna (D-CA), Pramila Jayapal (D-WA), and Jan Schakowsky (D-IL) sent a letter to Amazon Chairman, President, and CEO Jeff Bezos, requesting information about Amazon’s facial recognition technology, branded and sold as “Amazon Rekognition. The letter expressed concern of the technology’s potential impact on communities of color. And while there are no federal rules outlining biometrics, we do see federal agencies speaking with the tech community on utilizing biometric technology for future unspecified projects.

State policy on this issue has been a bit of a mixed bag. While Illinois, Washington and Texas have biometric laws on the books, other states are following suit. Florida, Arizona, Massachusetts, Connecticut and New Hampshire to name a few are states that are debating biometrics, while California is about to undergo implementing its CCPA otherwise known as the California Consumer Privacy Act protections. We wrote a prior blog on the specifics of the new California law, which we believe will be a precursor to similar policies being developed in the near future.  

In conclusion, we expect fintech to continue to be ahead of the law as companies like Amazon push forward to create marketplace solutions that provide convenience and a relatable user experience.  The question becomes whether policymakers are comfortable with the pace of expansion and the awkwardness of proceeding with little to no regulatory oversight on something as personal to us as our biometrics.

Contact Lanton Law for additional information or for strategies on how to deal with unsettled legal and policy within biometrics. 

Oftentimes policy changes that sweep across the nation originate in policy “hot spots” like Massachusetts, California, New York, etc. This time its consumer privacy. As we rely more and more on the internet of things, artificial intelligence and fitness applications, we are unfortunately becoming more exposed to potential data breaches. If you operate in California, the California Consumer Privacy Act (CCPA) will be a defining factor in how you manage risks around consumer data. Approximately 500,000 businesses across all business sectors will have to comply with CCPA once the act goes into effect on January 1, 2020. 

So what is the CCPA? Passed in 2018 as AB 375, the Act models itself on Europe’s General Data Protection Regulation that went into effect recently. The bill awards California residents with the right to be informed on how companies collect and use their data. The law also allows their personal data to be deleted. CCPA creates a sliding scale approach by applying to California businesses who generate an annual gross revenue of $25 million with half of their annual revenue deriving from selling consumer information, or by companies that buy, sell or share personal information from at least 50,000 consumers, households or devices. 

Recently, the California legislature passed five bills seeking to amend CCPA in which Governor Gavin Newsom (D-CA) has until October 13, 2019 to sign or veto the legislation. Additionally, the state attorney general is expected to release draft regulations by the end of the year. Interestingly, an economic impact assessment prepared by a third party for the California Attorney General’s office stated that the new law could cost companies a total of up to $55 billion in initial compliance costs. 

So what is this important? Our society’s reliance on connectivity is not slowing down. The very companies that many of us interact with on a daily basis such as Amazon, Twitter and Facebook find themselves at the center of how they will comply with CCPA. But while this can be explained away as something that impacts only California, I have seen this type of legislation starting to spread to a cluster of other states. 

If you traffic in data, it will be a good idea to take inventory of your operational risks and whether your company will be able to comply if a similar law is enacted in your state. If you need assistance with regulatory compliance or are interested in finding out how your company can best engage with policymakers on this issue, don’t hesitate to reach out to us at either Lanton Strategies or Lanton Law.