Health Information Compliance Alert

Industry News:

FTC Warns Entities About Health App Breach Policies

If your organization is utilizing health applications to connect with patients during the pandemic, make sure you are following current Federal Trade Commission (FTC) breach mandates.

Details: On Sept. 15, the FTC issued a reminder “that health apps and connected devices that collect or use consumers’ health information must comply with the Health Breach Notification Rule, which requires that they notify consumers and others when their health data is breached,” the release notes. Though the FTC rule hasn’t been implemented since it was created in 2009, the mandate concerns entities not covered by HIPAA and ensures that they “face accountability when consumers’ sensitive health information is compromised,” a policy statement indicates.

Why now? With the rise of wearables and the increase in health app usage during the COVID-19 public health emergency (PHE), the FTC is concerned about scams and cyber risks. The Commission is also worried about how companies share consumers’ health data and harness those analytics to push new products.

“As many Americans turn to apps and other technologies to track diseases, diagnoses, treatment, medications, fitness, fertility, sleep, mental health, diet, and other vital areas, this Rule is more important than ever,” the FTC cautions. Entities should revisit their policies to ensure compliance with the Rule and protect consumers against not only cyber attacks, but unauthorized access and disclosure, too, the Commission indicates.

Read the policy statement at www.ftc.gov/system/files/documents/public_statements/1596364/statement_of_the_commission_on_breaches_by_health_apps_and_other_connected_devices.pdf