Lexology January 20, 2022
Squire Patton Boggs

The FTC’s recent policy statement on the Health Breach Notification Rule (the “Rule”) substantially impacts the consumer-facing digital health industry by significantly expanding (a) the scope of entities subject to the Rule and (b) data practices that constitute a breach. Under the new guidance, any entity that collects health data from both a connected device and the consumer (excluding entities already subject to HIPAA) will be treated as a “vendor of Personal Health Records” (“PHR Vendor”) subject to the Rule. Moreover, PHR Vendors that share such information without the individual’s authorization will trigger the Rule’s breach notification requirements.

PHR Vendors Include Health Apps, Too

The Rule applies to PHR Vendors, PHR related entities, and their third party service providers that...

Today's Sponsors

Venturous
Got healthcare questions? Just ask Transcarent

Today's Sponsor

Venturous

Continue Reading

 
Topics: Apps, Cybersecurity, Digital Health, Govt Agencies, Health IT, mHealth, Patient / Consumer, Provider, Regulations, Technology
Related Articles:
Medicare insurers ranked by mobile app quality
How an App Store Approach Fuels Innovation and Efficiency in Healthcare
'The generation that created the internet is now our audience': SCAN Group prepares to launch first mobile app
Apple’s Vision Pro has a problem a year into its existence: Not enough apps
Research reveals concerning links between fitness apps and disordered eating

Share This Article