On September 15, 2021, the Federal Trade Commission (FTC) voted 3–2 along party lines (with Republican commissioners dissenting) to issue a policy statement announcing an expansive interpretation of the FTC’s Health Breach Notification Rule, 16 CFR Part 318 (the Rule). According to the policy statement, the Rule applies to health apps and connected devices that are not subject to the Health Insurance Portability and Accountability Act (HIPAA) but are capable of drawing information from multiple sources—for example, through a combination of consumer inputs and application programming interfaces (APIs).
FTC Issues Policy Statement Expanding Interpretation of Health Breach Notification Rule’s Scope
Carolyn MetnickCarolyn V. Metnick represents a range of healthcare industry clients, including hospitals and health systems, physician organizations and digital health companies. She advises on healthcare regulatory and transactional matters with a focus on health information privacy and security. Carolyn advises clients on a range of privacy and security laws, including HIPAA and the California Consumer Privacy Act (CCPA). She also counsels businesses in data breach investigations and compliance with federal and state breach notification laws. Carolyn is a Certified Information Privacy Professional/United States (CIPP/US) and a Certified Information Privacy Professional/Europe (CIPP/E). Read Carolyn V. Metnick's full bio.
Edward G. ZachariasEdward (Ed) G. Zacharias focuses his practice on complex transactions and regulatory compliance matters. He represents hospitals and health systems, academic medical centers, physician group practices, post-acute care providers, health information technology vendors, biotech companies, insurers, pharmaceutical companies and a variety of other health care entities. Read Edward Zacharias' full bio.
Brian BoyleBrian J. Boyle is an accomplished litigator and business lawyer who focuses his practice on antitrust and consumer protection law. He represents clients in complex litigation and investigations, merger control, compliance and government strategies.Read Brian J. Boyle's full bio.
Sam SiegfriedSam Siegfried’s practice focuses on the intersection of healthcare data privacy, healthcare operations and healthcare transactions, with an emphasis on developing and executing data licensing arrangements, research collaboration agreements and other data-driven deals in the healthcare space. Sam’s in-house experience with an academic medical center and a healthcare technology and precision medicine company provides him with unique perspectives on the key issues healthcare clients consider when exploring these complex arrangements. Sam’s thorough due diligence in healthcare data collaborations, mergers and acquisitions, and venture-backed investments enables him to proactively address potential privacy or data exchange pitfalls early in the transaction process, clearing the path for successful deals and innovative collaborations in the healthcare space. Read Sam Siegfried’s full bio.
Related Posts
- Protecting the Telehealth Consumer: FTC and State-Based Considerations
- VIDEO: Transfers of Health Data from the European Union to the United States in a Post-Schrems II World
- A Net-Neutral Decision for Health Care? What Providers Can Expect in the Wake of Net Neutrality Repeal
- COVID-19 Vaccine Q&A
- Access to Digital Health Applications and Digital Care Applications in Germany
BLOG EDITORS
STAY CONNECTED
TOPICS
ARCHIVES
RECENT POSTS
- IRS Provides Further Guidance on COBRA Election and Payment Deadlines
- Corporate Governance and the Permanency of COVID-19
- Checklists for Your Board’s Executive Compensation Committee
- Employers on Hook for Mental Health Parity Despite New Target
- Supreme Court Agrees to Review Medicare Payment Cuts to 340B Drugs
