FTC Expands Health Breach Notification Rule: What It Means for Health Apps, HIEs, and the Future of Health Data Privacy

FTC Expands Health Breach Notification Rule: What It Means for Health Apps, HIEs, and the Future of Health Data Privacy

by | May 15, 2024 | , , , ,

The FTC has finalized significant changes to the Health Breach Notification Rule (HBNR), a regulation originally designed to ensure that personal health records (PHRs) and similar digital health platforms notify consumers in the event of a data breach. These updates clarify the rule’s applicability to technologies outside the scope of HIPAA and impose stricter notification and transparency requirements on companies handling sensitive health data. The amendments also carry broad implications for HIEs and HINs, which are at the forefront of data interoperability and patient information sharing.

read more
Genetic Testing Company Violates Privacy and Security Policies, FTC Says.

Genetic Testing Company Violates Privacy and Security Policies, FTC Says.

by | Jun 19, 2023 | , , ,

Genetic testing companies, and those who partner with them, must take care to ensure that the scope of how consumers’ sensitive data is used and shared in the future aligns with the scope of consent that was granted by the consumer at the point of collection. The FTC found that a California-based genetic testing company informed consumers that it would only share consumers’ sensitive health and other personal information “in limited circumstances,” but then expanded sharing such information with new third parties, like supermarket chains. The FTC has now stepped up to protect consumers’ sensitive genetic information.

read more
AHA Writes Letter to HHS and Pushes Back on OCR’s Online Tracking Guidance

AHA Writes Letter to HHS and Pushes Back on OCR’s Online Tracking Guidance

by | May 30, 2023 | , , ,

After OCR created a Morton’s Fork for hospitals and health systems by publishing its HIPAA Guidance on the Use of Online Tracking Technologies, the American Hospital Association initially stayed out of the fray. Not any more. In its letter dated May 22, 2023, AHA makes its case to HHS as to why OCR’s Online Tracking Guidance should be suspended or amended.

read more
FTC Finds that Ovulation Tracking App Violated the Health Breach Notification Rule

FTC Finds that Ovulation Tracking App Violated the Health Breach Notification Rule

by | May 18, 2023 | , , ,

The FTC releases its second enforcement action under the Health Breach Notification Rule in just over 3 months. This time, the FTC found that a fertility app called Premom shared sensitive fertility information with third parties for unauthorized purposes. While Premom told its users that it would not share their health information with third parties without users’ consent, it used third-party automated tracking tools known as software development kits (SDKs) which shared highly sensitive health information (e.g., data about an individual user’s sexual & reproductive health, pregnancy status etc.) for advertising and marketing purposes.

read more

Archives