Healthcare: Technology & Data Privacy


Henry Davis York's healthcare technology & data privacy team advises healthcare public & private sector clients on large-scale enterprise-wide technology projects, including outsourcing and managed services initiatives, cloud computing and virtualisation projects, and ICT and business process procurement arrangements. We are regularly called upon to advise our clients on technology commercialisation initiatives, including the design and development of front-end customer-facing digital innovations (eg the interaction with the platforms of Electronic Medical Record ("EMR") providers).

We have extensive experience advising on privacy implications, the use and disclosure of data, security of data, cross border disclosure of information and implementation of privacy management frameworks, including the conduct of Privacy Impact Assessments.

Our experience

  • Advising a national healthcare provider on the upgrade of IT systems and major restructure of IT&T support operations, including the disengagement from the incumbent, transition of services in-house and implementation of a next generation healthcare platform and associated outsourced services.
  • Advising a medical device manufacturer & associated software developer on all matters relating to data retention, privacy, IP protection and product distribution as well as its engagement with EMR providers.
  • Advising a biopharmaceutical company on privacy statements and privacy law in relation to a patient support program (web-based) and a new medical information database.

Health in the Age of the Data Revolution

With increased regulator attention, criminal sophistication and data connectivity from numerous sources, we have a "perfect storm" for significant risk scenarios. And with the advent of mandatory data breach reporting in February next year, there will be a free data base for plaintiff lawyers, regulators and criminals to mine.
Our experience shows issues flow from the combination of human error or unauthorised access (the majority of which will be employee related, but some will be the result of external criminal activity) plus a systems failure of some sort. Looked at this way, there are many steps you can take to minimise the risk, and to manage it when it does arise. HDY is helping its clients navigate this through appropriate governance and policy frameworks, training, privacy impact assessments, threat reviews/ audits, and data breach response plans. Please get in touch with one of the team for further details.
Matthew McMillan

I am about delivering excellence and what matters most to our clients. I am not constrained by traditional ways of thinking.

Peter Mulligan

I am passionate about the success of the firm's clients and doing everything to ensure we exceed expectations.