A recent enforcement action by the Federal Trade Commission (“FTC”) against 1Health.io—which sells “DNA Health Test Kits” to consumers for health and ancestry insights—serves as a reminder that the FTC is increasingly exercising its consumer protection authority in the context of privacy and data protection. This is especially true where the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) does not reach. The FTC’s settlement with 1Health.io highlights a wide-range of privacy and security issues companies should consider relating to best practices for updating privacy policies, data retention policies, configuration of cloud storage and vendor management, especially when handling sensitive genetic data.
Blog Editors
Recent Updates
- New Proposed Federal Legislation Takes Aim at Concerns Regarding Perceived “Looting” of Health Care Systems by Private Equity Investors
- Podcast: The Future of Laboratory Testing Just Got a Little Clearer - FDA's Final Rule on LDTs – Diagnosing Health Care
- How Does the End of Chevron Deference Change the Relationship Between the Health Care Industry, Federal Regulators, and Congress?
- Podcast: Down Goes Chevron: A 40-Year Precedent Overturned by the Supreme Court – Diagnosing Health Care
- Thoughts: AB 3129 Expands Its Reach