This week Apple posted a new job opening for a healthcare privacy lawyer that includes a particular emphasis on HIPAA. The position is titled "Privacy Counsel - HIPAA, Health". Apple declined to comment.
UPDATE: While many publications have indicated that the job opening was a new position at Apple, a quick search of LinkedIn shows a number of privacy-focused counsels and directors currently employed at Apple. Interestingly, Candace Martin held the position "Privacy Counsel" at Apple from January 2015 until April 2016. The job posting went up the first week of May. Martin is now the Global Privacy Director at pharmaceutical distribution and health IT company McKesson. Prior to her time at Apple she spent more than six years at Hogan Lovells as an associate focused on HIPAA compliance with provider, pharma, tech and payer clients. Suffice it to say this job opening is not Apple's first HIPAA-savvy hire.
Here's how Apple describes the job, which will be based in Santa Clara Valley, California: "As Privacy Counsel you will have the opportunity to work with a dynamic and experienced team on privacy issues impacting Apple’s business and products across the globe. You will work directly with business and engineering teams to design innovative privacy solutions for products as well as across the legal department on Apple activities and regulatory issues."
It goes on to explain: "At Apple we are about creating great products. Part of making products great is designing products that respect consumer security and privacy. This role offers the opportunity to work directly with key members of the business, engineering and legal teams on a variety of cutting edge projects including: privacy by design reviews and projects; assist with privacy complaints and breaches; support compliance and auditing frameworks; advise on privacy aspects of licensing and procurement deals and corporate acquisitions; assist with drafting of policies and procedures surrounding privacy laws."
Apple describes CareKit as "a framework for developers to build apps that" let people "better understand and manage [their] medical conditions." At launch the initial few CareKit apps included one for home monitoring of Parkinson's, which is being used by various healthcare providers, and one for post-surgical discharge, which Texas Medical Center is using. The University of Rochester Medical Center, UCSF, Parkinson's Disease Care New York, Stanford Medicine, Johns Hopkins Medicine, and Emory Healthcare all announced plans to use the CareKit Parkinson's app around the time of Apple's CareKit launch announcement.
Earlier this year Apple and the FBI had a high-profile legal stand-off when the company refused to provide the FBI with backdoor access to a terrorist's iPhone. At the time, Apple CEO Tim Cook said that the protection of consumer privacy is paramount, and that Apple creating a program to unlock an iPhone and turning that program over to the FBI would endanger the security of the data, including personal health information, on every iPhone user’s device.
At the time, Lynne A. Dunbrack, vice president at research and consulting firm IDC Health Insights, explained how that scenario could lead to HIPAA violations.
“HIPAA mandates that protected health information created by covered entities be encrypted,” Dunbrack said at the time. “If the FBI succeeds and forces Apple to create a backdoor to unlock the iPhone, then what happens if that backdoor technology falls into the wrong hands? Information stored on the device would be vulnerable to hacking, and if the device was owned by a clinician or healthcare organization, the covered entity responsible for that data could face stiff HIPAA penalties if protected health information is compromised.”
The FBI ended up dropping the case after claiming to find a way to unlock the device themselves.