FTC Issues Policy Statement Expanding Interpretation of Health Breach Notification Rule’s Scope

On September 15, 2021, the Federal Trade Commission (FTC) voted 3–2 along party lines (with Republican commissioners dissenting) to issue a policy statement announcing an expansive interpretation of the FTC’s Health Breach Notification Rule, 16 CFR Part 318 (the Rule). According to the policy statement, the Rule applies to health apps and connected devices that are not subject to the Health Insurance Portability and Accountability Act (HIPAA) but are capable of drawing information from multiple sources—for example, through a combination of consumer inputs and application programming interfaces (APIs).

Carolyn V. Metnick represents a range of healthcare industry clients, including hospitals and health systems, physician organizations and digital health companies. She advises on healthcare regulatory and transactional matters with a focus on health information privacy and security. Carolyn advises clients on a range of privacy and security laws, including HIPAA and the California Consumer Privacy Act (CCPA). She also counsels businesses in data breach investigations and compliance with federal and state breach notification laws. Carolyn is a Certified Information Privacy Professional/United States (CIPP/US) and a Certified Information Privacy Professional/Europe (CIPP/E).

Edward (Ed) G. Zacharias focuses his practice on complex transactions and regulatory compliance matters. He represents hospitals and health systems, academic medical centers, physician group practices, post-acute care providers, health information technology vendors, biotech companies, insurers, pharmaceutical companies and a variety of other health care entities.

Sam Siegfried’s practice focuses on the intersection of healthcare data privacy, healthcare operations and healthcare transactions, with an emphasis on developing and executing data licensing arrangements, research collaboration agreements and other data-driven deals in the healthcare space. Sam’s in-house experience with an academic medical center and a healthcare technology and precision medicine company provides him with unique perspectives on the key issues healthcare clients consider when exploring these complex arrangements. Sam’s thorough due diligence in healthcare data collaborations, mergers and acquisitions, and venture-backed investments enables him to proactively address potential privacy or data exchange pitfalls early in the transaction process, clearing the path for successful deals and innovative collaborations in the healthcare space.

