On September 15, 2021, the Federal Trade Commission (FTC) voted 3–2 along party lines (with Republican commissioners dissenting) to issue a policy statement announcing an expansive interpretation of the FTC’s Health Breach Notification Rule, 16 CFR Part 318 (the Rule). According to the policy statement, the Rule applies to health apps and connected devices that are not subject to the Health Insurance Portability and Accountability Act (HIPAA) but are capable of drawing information from multiple sources—for example, through a combination of consumer inputs and application programming interfaces (APIs).
FTC Issues Policy Statement Expanding Interpretation of Health Breach Notification Rule’s Scope
Carolyn MetnickCarolyn V. Metnick represents a range of healthcare industry clients, including hospitals and health systems, physician organizations and digital health companies. She advises on healthcare regulatory and transactional matters with a focus on health information privacy and security. Carolyn advises clients on a range of privacy and security laws, including HIPAA and the California Consumer Privacy Act (CCPA). She also counsels businesses in data breach investigations and compliance with federal and state breach notification laws. Carolyn is a Certified Information Privacy Professional/United States (CIPP/US) and a Certified Information Privacy Professional/Europe (CIPP/E). Read Carolyn V. Metnick's full bio.
Edward G. ZachariasEdward (Ed) G. Zacharias focuses his practice on complex transactions and regulatory compliance matters. He represents hospitals and health systems, academic medical centers, physician group practices, post-acute care providers, health information technology vendors, biotech companies, insurers, pharmaceutical companies and a variety of other health care entities. Read Edward Zacharias' full bio.
Sam SiegfriedSam Siegfried’s practice focuses on the intersection of healthcare data privacy, healthcare operations and healthcare transactions, with an emphasis on developing and executing data licensing arrangements, research collaboration agreements and other data-driven deals in the healthcare space. Sam’s in-house experience with an academic medical center and a healthcare technology and precision medicine company provides him with unique perspectives on the key issues healthcare clients consider when exploring these complex arrangements. Sam’s thorough due diligence in healthcare data collaborations, mergers and acquisitions, and venture-backed investments enables him to proactively address potential privacy or data exchange pitfalls early in the transaction process, clearing the path for successful deals and innovative collaborations in the healthcare space. Read Sam Siegfried’s full bio.
Related Posts
- Protecting the Telehealth Consumer: FTC and State-Based Considerations
- Washington State Legislature Passes My Health My Data Act
- Navigating Data Privacy Questions Post-Dobbs
- Digital Health 2021 Year in Review
- VIDEO: Transfers of Health Data from the European Union to the United States in a Post-Schrems II World
BLOG EDITORS
STAY CONNECTED
TOPICS
ARCHIVES
RECENT POSTS
- IRS Issues Reminder that Claims Under Health and Dependent Care FSAs Must Be Substantiated
- Buyer Beware: The Newest Wave of Hospital/Fixed Indemnity Programs Promising Payroll Tax Savings
- CMS Releases Proposed Rule: Medicaid Program; Ensuring Access to Medicaid Services
- Bipartisan Health Bills Pick Up Steam, but Contentious Debt Ceiling Negotiations Continue
- CMS Ups Hospital Price Transparency Enforcement, Seeks More Authority from Congress
