Digital Health

FTC and Other Regulators Continue to Signal Interest in Mobile Health Apps

By Julia Kadish on December 8, 2022

Posted in Digital Health, Healthcare Privacy, Mobile Privacy, US Privacy

The FTC is closing out 2022 with additional guidance for mobile health app developers signaling its continued interest in this industry. Since 2021, we have seen several steps from the agency demonstrating a focus on companies that collect health information but may not be a covered entity or business associate under HIPAA. This includes publishing additional resources, releasing commentary broadly interpreting the FTC’s Health Breach Notification Rule, and enforcement activity. Most recently, the FTC and other key regulators updated its “Mobile Health App Interactive Tool”.…

Continue Reading FTC and Other Regulators Continue to Signal Interest in Mobile Health Apps

The Beehive State Joins the State Privacy Law Hive: Utah Privacy Law Passes

By Liisa Thomas & Julia Kadish on March 28, 2022

Posted in Digital Health, Privacy Management, Rights Requests, US Privacy, Utah Privacy

Utah recently joined California, Colorado, and Virginia in passing a comprehensive privacy law. It goes into effect December 31, 2023 and shares similarities with other states’ laws. Businesses may be glad to learn that Utah takes a lighter touch in some key areas.
Continue Reading The Beehive State Joins the State Privacy Law Hive: Utah Privacy Law Passes

FTC Continues to Signal Interest in Digital Health Industry, Publishing Updated Resources

By Julia Kadish on March 15, 2022

Posted in Digital Health, FTC, Healthcare Privacy, US Privacy

The FTC recently published two new resources for complying with the Health Breach Notification Rule. The Rule requires vendors of personal health records (PHR), PHR-related entities and service providers to these entities, to notify consumers and the FTC (and, in some cases, the media) in the event of a breach of unsecured identifiable health information. The guidance reaffirms and adds further clarity to the Agency’s broad interpretation of the Rule released in its policy statement last fall.
Continue Reading FTC Continues to Signal Interest in Digital Health Industry, Publishing Updated Resources

Digital Health Trends and Privacy: What to Watch in 2022

By Julia Kadish on February 4, 2022

Posted in Digital Health, Healthcare Privacy, HIPAA, Privacy, Privacy Management

The digital health sector has been rapidly growing, and the demand is not expected to diminish. Those in the industry will want to keep in mind some key legal concerns in the coming year, which we outline in this recent article. Privacy and cybersecurity features among these, and include more than just HIPAA concerns. There is an ever-growing patchwork of state and federal privacy laws that are being applied to the industry. At the same time, cyber threat actors are finding ways to attack even the most prepared companies in the digital health space.
Continue Reading Digital Health Trends and Privacy: What to Watch in 2022

FTC 2022 Regulatory Priorities to Include Privacy and Security

By Julia Kadish & Liisa Thomas on December 22, 2021

Posted in Children’s privacy, Digital Health, Financial Privacy, FTC, Healthcare Privacy, US Privacy

As we look to 2022, a question on many companies’ minds is what actions we will see from the FTC. Two recent developments are important on that front.
…
Continue Reading FTC 2022 Regulatory Priorities to Include Privacy and Security

California Enacts New Privacy Law for Genetic Data

By Julia Kadish & Harrison Schafer on October 12, 2021

Posted in California Privacy, Digital Health, Digital Privacy, Healthcare Privacy

California’s governor recently signed SB 41 into law. The bill enacts the Genetic Information Privacy Act (GIPA). The governor rejected a similar bill last year over concerns about COVID-19 public health efforts. To address that concern, this bill exempts tests used to diagnose whether an individual has a specific disease.
…
Continue Reading California Enacts New Privacy Law for Genetic Data

FTC Warns Digital Health Industry to Comply with its Breach Notification Rule

By Julia Kadish on September 20, 2021

Posted in Digital Health, Digital Privacy, FTC, Healthcare Privacy

The use of apps, wearables, and other devices used to track health and wellness data have continued to rise. The FTC again signaled its focus on this growing industry in a statement on the scope of the Health Breach Notification Rule. In the statement, the FTC called out specific types of apps and trackers that it views as having notification obligations under this rule.
…
Continue Reading FTC Warns Digital Health Industry to Comply with its Breach Notification Rule

NIST Plans to Update HIPAA Security Guidance – Asks for Comments

By Julia Kadish, Susan Ingargiola & Ariana Stobaugh on May 14, 2021

Posted in Data Security, Digital Health, Healthcare Privacy

Recently, the National Institute of Standards and Technology (NIST) requested comments to its Resource Guide for implementing the HIPAA Security Rule. (i.e., SP 800-66). This Guide, first released in 2008, summarizes the HIPAA Security Rule standards and explains the structure and organization of the Security Rule.
Continue Reading NIST Plans to Update HIPAA Security Guidance – Asks for Comments

States Continue to Step in to Safeguard Genetic Information

By Julia Kadish on March 29, 2021

Posted in Digital Health, Healthcare Privacy

Utah’s governor recently signed into law SB 227, creating the Genetic Information Privacy Act (GIPA). The law, which is anticipated to go into effect in May, is aimed at protecting genetic data collected from direct-to-consumer genetic testing companies. Generally, the law creates requirements for (i) notice; (ii) consent for certain data uses; (iii) data security obligations; and (iv) access, deletion, and destruction rights.
Continue Reading States Continue to Step in to Safeguard Genetic Information

What Is FTC’s Course Under Biden?

By James Fazio & Liisa Thomas on March 11, 2021

Posted in Biometrics, Children's Privacy, Consumer Privacy, Digital Health, FTC, Healthcare Privacy

The new acting FTC chair, Rebecca Kelly Slaughter, recently signaled that the FTC may increase enforcement and penalties in the privacy and data security realm. Slaughter pointed to several areas of focus for the FTC this year, which companies will want to keep in mind:…
Continue Reading What Is FTC’s Course Under Biden?

What Does the Fifth Circuit’s Vacating of HHS HIPAA Fines Mean for Companies This Year?

By Elfin Noce, Liisa Thomas & Susan Ingargiola on February 8, 2021

Posted in Data Breach, Data Security, Digital Health, FTC, Healthcare Privacy

Will HHS’ approach for imposing penalties in the aftermath of a data breach become a little clearer in 2021? This is a distinct possibility in the wake of a Fifth Circuit decision vacating penalties against MD Anderson Cancer Center. The hospital suffered three data breaches, leading HHS to impose over $4 million in civil penalties. That fine was reversed recently by the Fifth Circuit as arbitrary, capricious, and contrary to law.
Continue Reading What Does the Fifth Circuit’s Vacating of HHS HIPAA Fines Mean for Companies This Year?

Eye On Privacy