Healthcare and Privacy News

The CAIO should not just understand both of those disciplines, but intuit what AI is good and bad, what’s scalable, and whether it’s the right fit, says Sameer Sethi, the New Jersey health system’s chief AI and insights officer.

ASTP has released the 2025 SAFER Guides, which aim to improve health systems’ adherence to electronic health record best practices. They were updated by clinicians with informatics training and informaticians with clinical experience.

The U.S. National Institute for Standards and Technology published a draft update to its Privacy Framework to assist organizations in integration alongside NIST’s Cybersecurity Framework. The draft update to the Privacy Framework is geared toward helping “manage the privacy risks that arise from personal data flowing through complex information technology systems.” Public comment on the draft is open through 13 June.Full story

In an interview with CNN, Microsoft AI CEO Mustafa Suleyman acknowledged, while there have been real-world harms through the increased use of AI, the “net-net” impact on society at-large has been positive. When asked what guardrails should be in place to ensure safe AI development, Suleyman said, “This is a moment where we’re going to need to believe and trust in our companies and rely on them to do the right thing.”Full story

The Office of the Australian Information Commissioner outlined plans to develop the Children’s Online Privacy Code. The process will have three phases, including general consultation and research papers covering impacts to specific age groups. The OAIC expects a draft code will be submitted for public consultation in 2026.Full story

More than two weeks after the European Commission’s own deadline to issue potential Digital Markets Act penalties against Apple and Meta, the rulings are still pending, Politico reports. There has not been an official statement on when the DMA fines may be handed down, while speculation grows regarding the impact of EU-U.S. trade relations on the potential penalties.Full story

The Netherlands’ data protection authority, the Autoriteit Persoonsgegevens, ordered 50 organizations to stop using misleading cookie banners or face investigation as part of its website monitoring program. The agency cited preemptive cookie placement, obstructive refusal policies and checking the permission box as the default option as potential infractions.Full story

Axios reports solutions provider Virtue AI raised USD30 million with a focus on developing more AI safety and security tools. The platform offers red teaming, a set of guardrails to prevent violation of internal policies or laws and specific guardrails for agentic products.Full story

Massachusetts Institute of Technology researchers used their privacy metric, the PAC Privacy framework, to create a guide aiming to protect AI training data while promoting efficient AI algorithms. MIT Senior Author Srini Devadas said researchers “want to explore how algorithms could be co-designed with PAC Privacy, so the algorithm is more stable, secure, and robust from the beginning.”Full story

Norway’s data protection authority, Datatilsynet, noted Meta will start training its AI on photos from EU Facebook and Instagram users at the end of May. The Datatilsynet detailed what kinds of information could be used in the training and said it has asked Meta questions about the compatibility of the training with the original purpose of the collected information.Full story

U.S. lawsuits against The Trade Desk claimed the advertising company violated consumer privacy regulations after it allegedly collected consumer information for advertising purposes without consent, AdWeek reports. Plaintiffs claimed The Trade Desk’s Unified ID 2.0 tracking technology “has been secretly harvesting and monetizing directly identifiable user data from millions of U.S. residents without their knowledge.” Editor’s note: The IAPP Research and Insights team explored growing trends in U.S. data privacy litigation.Full story

China claimed the U.S. National Security Agency launched cyberattacks that targeted critical infrastructure, affecting various government industries during the Asian Winter Games, Reuters reports. The alleged data security incident targeted Asian Winter Games athletes’ personal data and breached confidential information.Full story

Dr. Ateev Mehrotra, chair of the school’s department of health services, policy and practice, discusses the frustrations and promise of telehealth reimbursement and regulation – and describes how the current situation is stifling virtual care innovation.

Time magazine reports on the implications of Webcamgate, a 2010 lawsuit against Philadelphia-based school district concerning claims it unlawfully surveilled students from school-issued devices. With an increase in schools providing students with technology for educational purposes, the docuseries about WebcamGate, “Spy High,” claimed 88% of U.S. schools use monitoring services to track students.Full story

Bloomberg Law reports on the proliferation of privacy and surveillance issues stemming from connected vehicles and license plate readers. Privacy advocates are particularly alarmed by transparency around the use of in-car and on-road surveillance practices by law enforcement. Full story