FTC

On January 21, the Federal Trade Commission (“FTC”) announced new resources to help companies determine their obligations under the Health Breach Notification Rule (the “Rule”): the Health Breach Notification Rule: Basics for Business, which provides a quick introduction to the Rule, and Complying with FTC’s Health Breach Notification Rule (“Compliance Guidance”), which provides more in-depth compliance guidance. These resources follow the FTC’s September 2021 Policy Statement, which expanded the Rule’s application to the developers of health apps, connected devices, and similar products, and similarly emphasize the FTC’s continued scrutiny of health technology.
Continue Reading FTC Releases New Health Breach Notification Rule Guidance, Targets Health Apps and Connected Devices

The Federal Trade Commission (“FTC”) announced this month a proposed settlement against Flo Health, Inc. (“Flo”), the developer of a popular menstrual cycle and fertility-tracking application (the “Flo App”), resolving allegations that “the company shared the health information of users with outside data analytics providers after promising that such information would be kept private.” The proposed settlement requires Flo, among other things, to obtain review by an “independent third-party professional” of its privacy practices, obtain users’ consent before sharing their health information, alert users whose data was disclosed, and require third parties that previously received that data to destroy it.
Continue Reading FTC Reaches Settlement with Digital Health App, Requires First Notice of Privacy Action

On May 8, 2020, the Federal Trade Commission (“FTC”) issued a notice soliciting public comment regarding whether changes should be made to its Health Breach Notification Rule (the “Rule”).  The request for comment is part of a periodic review process “to ensure that [FTC rules] are keeping pace with changes
Continue Reading FTC to Consider Changes to the Health Breach Notification Rule

On April 8, 2020, the Federal Trade Commission (“FTC”) released a blog post about the use of artificial intelligence (“AI”) and algorithms in automated decisionmaking. The blog highlighted the potentially great benefits and risks presented by increasingly sophisticated technologies, particularly in the “Health AI” space. However, it also emphasized that
Continue Reading AI Update: FTC Provides Guidance on Use of AI and Algorithms

On April 5, the Federal Trade Commission (FTC), in conjunction with the Food and Drug Administration (FDA) and the Department of Health and Human Services (HHS), released a new web-based interactive tool to assist mobile health app developers in navigating applicable federal laws and regulations in the areas of advertising and marketing, medical devices, and data security and privacy.

The interactive tool consists of 10 questions designed to identify whether a particular mobile health app is subject to any of the following federal laws:

  • the privacy, security and breach notification rules issued under the Health Insurance Portability and Accountability Act (HIPAA);
  • the Food, Drug, and Cosmetic Act (FDCA);
  • the Federal Trade Commission (FTC) Act; and
  • the breach notification rules issued by the FTC.

Regardless of whether mobile apps are subject to any of these federal laws, the guidance directs app developers to newly issued FTC best practices for protecting the privacy and security of consumer data.
Continue Reading FTC Releases Online Tool to Help Health App Developers Identify Applicable Laws

Federal Trade Commission (FTC) chairwoman Edith Ramirez’s remarks at the International Consumer Electronics Show on Tuesday signal that FTC may be paying increased attention to privacy and security issues in the mobile health industry.

The speech focused on how “the introduction of sensors and devices into currently intimate spaces – like our homes, cars, and even our bodies” results in increased data sensitivity and heightened challenges for consumer protection.  Those challenges, according to Ramirez, stem from three overarching issues: (1) ubiquitous data collection; (2) using data in ways consumers don’t expect (and the adverse consequences of such use); and (3) heightened security risks.

While FTC has been focused on consumer issues raised by the “Internet of Things” (IoT) era for quite some time, the examples cited by Ramirez suggest that e-health products are among the IoT applications of greatest salience when it comes to consumer protection.  She specifically called out smart glucose meters, heart monitors and health monitoring wearables in the speech.
Continue Reading FTC Remarks Signal Heightened Focus on Mobile Health Devices