The FTC recently announced that it had finalized the changes to the Health Breach Notification Rule (HBNR). This is roughly one year later from when the proposed changes were first released and three years later from the...more
As more and more states are enacting privacy laws, organizations in the health care industry may be wondering what the impact these laws will have on them. At this point, there are privacy laws in 12 states, with one more...more
The FTC and OCR at HHS are continuing to scrutinize the use of tracking technologies that may reveal information about a person’s health or health status. Both agencies recently sent a letter to a reported 130 hospitals and...more
7/25/2023
/ Data Collection ,
Data Privacy ,
Department of Health and Human Services (HHS) ,
Digital Health ,
Electronic Medical Records ,
Federal Trade Commission (FTC) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
OCR ,
Popular ,
Privacy Laws ,
Section 5 ,
Telehealth ,
Tracking Systems
The FTC recently proposed amendments to the Health Breach Notification Rule (HBNR). This is on trend with its aggressive interest over the last couple of years in health data not covered by HIPAA....more
6/27/2023
/ Breach Notification Rule ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Digital Health ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Medical Records ,
Personally Identifiable Information ,
Privacy Laws ,
Proposed Amendments
On April 27, 2023, the state of Washington enacted a landmark privacy law aimed at protecting the privacy of health data not covered by HIPAA. This law, named the “My Health My Data Act,” covers a very wide range of entities,...more
In this second post in our ongoing series, we examine the scope of rights given to consumers under the recently enacted My Health My Data Act... The law provides consumers several rights, all of which are in other privacy...more
5/4/2023
/ Consumer Privacy Rights ,
Data Protection ,
Digital Health ,
Enforcement ,
Non-Discrimination Rules ,
Privacy Laws ,
Right to Delete ,
Right-To-Access ,
State and Local Government ,
State Privacy Laws ,
Washington
On April 27, 2023, the state of Washington enacted a landmark privacy law aimed at protecting the privacy of health data not covered by HIPAA. While the 2023 legislative season has been busy for state “comprehensive” privacy...more
In this third post in our ongoing series, we examine the scope of the consent requirements under the recently enacted My Health My Data Act. (Visit here for information about the scope of the law and here for information...more
The FTC is closing out 2022 with additional guidance for mobile health app developers signaling its continued interest in this industry. Since 2021, we have seen several steps from the agency demonstrating a focus on...more
12/9/2022
/ Breach Notification Rule ,
Data Privacy ,
Data Protection ,
Digital Health ,
Electronic Medical Records ,
Federal Food Drug and Cosmetic Act (FFDCA) ,
Federal Trade Commission (FTC) ,
FTC Act ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Mobile Apps ,
ONC ,
Privacy Laws
The metaverse has been described as the “next frontier” and the “new era” of healthcare. Although still a loosely defined and relatively broad term, the “metaverse” generally refers to a shared virtual environment accessed by...more
Utah recently joined California, Colorado, and Virginia in passing a comprehensive privacy law. It goes into effect December 31, 2023 and shares similarities with other states’ laws. Businesses may be glad to learn that Utah...more
The FTC recently published two new resources for complying with the Health Breach Notification Rule. The Rule requires vendors of personal health records (PHR), PHR-related entities and service providers to these entities, to...more
3/15/2022
/ Breach Notification Rule ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Digital Health ,
Electronic Medical Records ,
Federal Trade Commission (FTC) ,
Healthcare ,
Medical Records ,
Policy Statement ,
Privacy Laws ,
Vendors
The digital health sector has been rapidly growing, and the demand is not expected to diminish. Those in the industry will want to keep in mind some key legal concerns in the coming year, which we outline in this recent...more
The use of digital health to deliver healthcare has seen unprecedented growth over the past few years, with significant acceleration due to the COVID-19 Public Health Emergency (PHE). As patients seek ways to empower...more
n December 22, 2021, the Food and Drug Administration (FDA) issued a draft guidance for sponsors, investigators, and other interested parties on using digital health technologies (DHT) to acquire data remotely from...more
1/7/2022
/ Clinical Trials ,
Comment Period ,
Coronavirus/COVID-19 ,
Data Collection ,
Data Privacy ,
Digital Health ,
Food and Drug Administration (FDA) ,
Investigations ,
Medical Devices ,
New Guidance ,
Technology Sector
California recently updated both its data security and breach notice laws to include genetic data. With the passage of AB 825, the data security law now includes in the definition of “personal information” genetic data. The...more
10/18/2021
/ Amended Legislation ,
Biometric Information ,
California ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Digital Health ,
Healthcare ,
Personal Information ,
Privacy Laws
California’s governor recently signed SB 41 into law. The bill enacts the Genetic Information Privacy Act (GIPA). The governor rejected a similar bill last year over concerns about COVID-19 public health efforts. To address...more
10/13/2021
/ California ,
Coronavirus/COVID-19 ,
Corporate Counsel ,
Data Privacy ,
Data Security ,
Digital Health ,
Digital Privacy Act ,
Governor Newsom ,
Healthcare ,
New Legislation ,
Privacy Laws ,
State Privacy Laws
The use of apps, wearables, and other devices used to track health and wellness data have continued to rise. The FTC again signaled its focus on this growing industry in a statement on the scope of the Health Breach...more
9/21/2021
/ Breach Notification Rule ,
Data Privacy ,
Digital Health ,
Digital Privacy Act ,
Enforcement ,
Federal Trade Commission (FTC) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Mobile Health Apps ,
Personally Identifiable Information ,
PHI
Many digital health app developers offering health and wellness solutions directly to consumers may find themselves in a space unregulated by the Health Insurance Portability and Accountability Act (“HIPAA”). While...more
The US Food and Drug Administration (FDA) published an Action Plan for artificial intelligence (AI) and machine learning (ML) software on January 12, 2021 that provides near-term actions to develop a regulatory framework for...more