A recent enforcement action by the Federal Trade Commission (“FTC”) against 1Health.io—which sells “DNA Health Test Kits” to consumers for health and ancestry insights—serves as a reminder that the FTC is increasingly exercising its consumer protection authority in the context of privacy and data protection. This is especially true where the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) does not reach. The FTC’s settlement with 1Health.io highlights a wide-range of privacy and security issues companies should consider relating to best practices for updating privacy policies, data retention policies, configuration of cloud storage and vendor management, especially when handling sensitive genetic data.
Blog Editors
Recent Updates
- DOJ’s False Claims Act Recoveries Top $2.9 Billion in FY 2024, but Health Care Numbers Dip—What Could FY 2025 Hold for Health Care Enforcement?
- Recent Developments in Health Care Cybersecurity and Oversight: 2024 Wrap Up and 2025 Outlook
- Massachusetts Governor Maura Healey Signs into Law a Sweeping Health Care Market Oversight Bill
- Second Circuit Adopts “At Least One Purpose” Rule for False Claims Act Cases Premised on Anti-Kickback Statute Violations
- Supreme Court of Ohio Decides on a Peer-Review Privilege Issue in Stull v. Summa