Health Law Advisor

On May 18, 2023, the Federal Trade Commission (FTC) filed a Notice of Proposed Rulemaking and Request for Public Comment (“NPRM”) seeking to amend the Health Breach Notification Rule (“HBNR”). We previously wrote about the FTC’s policy statement, in which the FTC took the position that mobile health applications that are not covered by the Health Insurance Portability and Accountability Act (“HIPAA”) are covered by the HBNR. In our post, we highlighted concerns raised in dissent by commissioner Noah Joshua Phillips that the FTC’s interpretation of “breach of security” was too broad. Commissioner Phillips has since resigned.

On February 1, 2023, the FTC announced a proposed $1.5 million settlement with GoodRx Holdings, based on alleged violations of the Federal Trade Commission Act (“FTC Act”) and Health Breach Notification Rule (“HBNR”) for using advertising technologies on its websites and mobile app that resulted in the unauthorized disclosure of consumers’ personal and health information to advertisers and other third parties. On the same day, the U.S. Department of Justice, acting on behalf of the FTC, filed a Complaint and Proposed Stipulated Order detailing the FTC’s allegations and the terms of the proposed settlement. 

Throughout 2021, we closely monitored the latest privacy laws and a surge of privacy, cybersecurity, and data asset management risks that affect organizations, small and large. As these laws continue to evolve, it is important for companies to be aware and compliant. We will continue to monitor these trends for 2022.

The attorneys of the Privacy, Cybersecurity & Data Asset Management group have written on a wide range of notable developments and trends that affect employers and health care providers. In case you missed any, we have assembled a recap of our top 10 blog posts of 2021, with links to each, below: