The FTC recently published two new resources for complying with the Health Breach Notification Rule. The Rule requires vendors of personal health records (PHR), PHR-related entities and service providers to these entities, to notify consumers and the FTC (and, in some cases, the media) in the event of a breach of unsecured identifiable health information. The guidance reaffirms and adds further clarity to the Agency’s broad interpretation of the Rule released in its policy statement last fall.
Continue Reading FTC Continues to Signal Interest in Digital Health Industry, Publishing Updated Resources

California’s governor recently signed SB 41 into law. The bill enacts the Genetic Information Privacy Act (GIPA). The governor rejected a similar bill last year over concerns about COVID-19 public health efforts. To address that concern, this bill exempts tests used to diagnose whether an individual has a specific disease.

Continue Reading California Enacts New Privacy Law for Genetic Data

The use of apps, wearables, and other devices used to track health and wellness data have continued to rise. The FTC again signaled its focus on this growing industry in a statement on the scope of the Health Breach Notification Rule. In the statement, the FTC called out specific types of apps and trackers that it views as having notification obligations under this rule.

Continue Reading FTC Warns Digital Health Industry to Comply with its Breach Notification Rule

The California AG recently reminded companies in the healthcare industry of potential data breach notification obligations beyond HIPAA. As ransomware attacks continue to rise, particularly in healthcare, companies should keep in mind the patchwork of state and federal health data privacy laws that may apply.

Continue Reading Breach of PHI? California AG Reminds Companies of Potential State Notification Obligations

The FTC recently voted to authorize the use of compulsory processes—the FTC’s primary investigatory tools—on what it calls “key law enforcement priorities.” The resolutions allow investigators to take actions like issuing subpoenas and civil investigations demands (commonly referred to as “CIDs”) in a variety of areas. Of note is the inclusion of both healthcare markets and technology platforms, signaling a potential FTC interest in those sectors.

Continue Reading FTC Signals Focus on Healthcare and Technology Platforms, Among Others