On September 15, 2021, the Federal Trade Commission (FTC) voted 3–2 along party lines (with Republican commissioners dissenting) to issue a policy statement announcing an expansive interpretation of the FTC’s Health Breach Notification Rule, 16 CFR Part 318 (the Rule). According to the policy statement, the Rule applies to health apps and connected devices that are not subject to the Health Insurance Portability and Accountability Act (HIPAA) but are capable of drawing information from multiple sources—for example, through a combination of consumer inputs and application programming interfaces (APIs).
FTC Issues Policy Statement Expanding Interpretation of Health Breach Notification Rule’s Scope
Carolyn MetnickCarolyn V. Metnick represents a range of healthcare industry clients, including hospitals and health systems, physician organizations and digital health companies. She advises on healthcare regulatory and transactional matters with a focus on health information privacy and security. Carolyn advises clients on a range of privacy and security laws, including HIPAA and the California Consumer Privacy Act (CCPA). She also counsels businesses in data breach investigations and compliance with federal and state breach notification laws. Carolyn is a Certified Information Privacy Professional/United States (CIPP/US) and a Certified Information Privacy Professional/Europe (CIPP/E). Read Carolyn V. Metnick's full bio.
Edward G. ZachariasEdward G. Zacharias is the managing partner of McDermott’s Boston office. Clients across the healthcare industry and beyond turn to him for practical, business-oriented counsel on their most significant privacy and cybersecurity compliance, healthcare regulatory and transactional matters. Ed’s clients include “Big Tech” companies, health information technology and digital health companies, healthcare providers, insurers, electronic health record platforms, pharmacies, drug and device manufacturers, life sciences companies and health services vendors. Read Edward Zacharias' full bio.
Sam SiegfriedSam Siegfried’s practice focuses on the intersection of healthcare data privacy, healthcare operations and healthcare transactions, with an emphasis on developing and executing data licensing arrangements, research collaboration agreements and other data-driven deals in the healthcare space. Sam’s in-house experience with an academic medical center and a healthcare technology and precision medicine company provides him with unique perspectives on the key issues healthcare clients consider when exploring these complex arrangements. Sam’s thorough due diligence in healthcare data collaborations, mergers and acquisitions, and venture-backed investments enables him to proactively address potential privacy or data exchange pitfalls early in the transaction process, clearing the path for successful deals and innovative collaborations in the healthcare space. Read Sam Siegfried's full bio.
BLOG EDITORS
STAY CONNECTED
TOPICS
ARCHIVES
RECENT POSTS
- CMS Issues Guidance on Usage of AI in Making Coverage Determinations
- 2024 Chart of Healthcare Regulations
- Potential Election Year Shakeup: Regulatory Implications of the Congressional Review Act
- Lessons from Ryan S. v. UnitedHealth Group for the 2023 MHPAEA Proposed Rule
- Hospital Settles With OCR for $4.75 Million Over HIPAA Violations
