Important FTC Rules for Health Apps Outside of HIPAA
Cybersecurity and privacy attorneys Marissa Serafino, Ashley Thomas and Shannon Hartsfield co-authored an article for Pratt's Cybersecurity & Privacy Law Report about a recent policy statement from the Federal Trade Commission (FTC) reminding digital health app developers of their obligations under the Health Breach Notification Rule. Under this rule, businesses not covered by the Health Insurance Portability and Accountability Act (HIPAA) must notify customers when a breach of personal electronic health information occurs. The policy statement indicates a new commitment from the FTC to enforce the rule. This article explains what companies need to know about the rule and analyzes questions raised by the FTC's statement.
The authors also published a Holland & Knight alert on this topic.