On September 15, the Federal Trade Commission (“FTC”) adopted, on a 3-2 party-line vote, a policy statement that takes a broad view of which health apps and connected devices are subject to the FTC’s Health Breach Notification Rule (the “Rule”) and what triggers the Rule’s notification requirement.

The Rule was promulgated in 2009 under the Health Information Technology for Economic and Clinical Health (“HITECH”) Act.  Under the Rule, vendors of personal health record that are not otherwise regulated under the Health Insurance Portability and Accountability Act (“HIPAA”) are required to notify individuals, the FTC, and, in some cases, the media following a breach involving unsecured identifiable health information.  16 C.F.R. §§ 318.3, 318.5.  Third-party service providers also are required to notify covered vendors of any breach.  16 C.F.R. § 318.3.


Continue Reading FTC Adopts Policy Statement on Privacy Breaches by Health Apps and Connected Devices

Legislation that would amend California’s Confidentiality of Medical Information Act (“CMIA”) is working its way through California’s Senate and passed in the Senate Health Committee earlier this week.  The proposed bill passed in the state’s Assembly back in April.  Introduced by Democratic California Assemblymember Edwin Chau, who sits on the Privacy and Consumer Protection Committee, the proposed legislation (AB 1436) expands the definition of “provider of health care.”  Under the CMIA, providers of health care are subject to various obligations, including provisions that restrict the disclosure of medical information without a prior valid authorization, subject to certain exceptions.
Continue Reading Proposed Bill Would Expand the Scope of the CMIA

On September 2, 2020, the U.S. Department of Health and Human Services Office for Civil Rights (“OCR”) announced a new “Health Apps” feature on the HHS.gov website.  The new website, which replaces the OCR’s Health App Developer Portal, highlights existing guidance for mobile health (“mHealth”) apps regarding the Health Insurance Portability and Accountability Act

The COVID-19 crisis is demonstrating the potential of digital health technology to manage some of our greatest public health challenges.  The White House Office of Science and Technology Policy has issued a call to action for technology companies to help the science community answer high-priority scientific questions related to COVID-19.  The Centers for Disease Control

Product liability considerations are not likely the first concerns that spring to mind for the many companies working to develop digital health countermeasures and other products related to COVID-19.  Yet even while putting together solutions on an accelerated timeline, there are some straightforward actions that companies can take that may reduce litigation risk down the

On March 9, 2020, the Department of Health and Human Services (HHS) issued two final rules aimed at improving patient access to electronic health information (EHI), as well as the standardization of modes of exchange for EHI.  The rules, which were issued by the Office of the National Coordinator for Health Information Technology (ONC) and

On February 27, 2020 NHSX, the technology and digital unit of the NHS, published its draft Digital Health Technology Standard (the “Standard”) for consultation to stakeholders in the digital health space (the “Consultation”). The Consultation is open until 22 April, 2020 (and is available here).

The Standard, which is based on existing industry and health standards, is intended to streamline how digital health technologies are reviewed and commissioned by the NHS and social care.


Continue Reading NHSX Consults on Draft Digital Health Technology Standard

Germany recently enacted a law that enables state health insurance schemes to reimburse costs related to the use of digital health applications (“health apps”), but the law requires the Federal Ministry of Health to first develop the reimbursement process for such apps.  Accordingly, on January 15, 2020, the German government published a draft regulation setting