FTC Says Health Apps and Connected Devices Subject to Health Breach Notification Rule | Morgan Lewis – Technology and Procurement
According to recent guidance from the Federal Trade Commission (FTC), providers of health applications and connected devices that collect consumer health information must comply with the FTC Health Breach Notification Rule, 16 CFR Part 318, and are therefore required to notify consumers and others when their health data is breached.
The FTC policy statement, released on September 15, 2021, aims to clarify the scope of the Health Breach Notification Rule with respect to health apps and connected devices such as wearable health and fitness tracking devices. It notes that apps and devices that collect consumer health information are generally covered by the Health Breach Notification Rule if they have the ability to pull data from multiple sources. As the FTC explains, an example would be an application that collects health information directly from a consumer while having the technical ability to extract information through an application programming interface (API) that enables synchronization with the consumer’s fitness tracker. The Health Breach Notification Rule requires providers who are subject to the rule to notify U.S. consumers, the FTC and, in some cases, the media if there has been a breach of unsecured identifiable health information, or face civil penalties for violating the rule.
The Health Breach Notification Rule applies to personal health record (PHR) providers, PHR-related entities, and third-party service providers of PHR or PHR-related entities. The FTC’s policy statement specifies how the agency will interpret these terms to apply to health apps and connected devices.
The FTC noted that although the Health Breach Notification Rule is now over 10 years old, “the explosion of health apps and connected devices makes its demands on them more important than ever.” The Health Breach Notification Rule has not been enforced before, but the FTC policy statement suggests that may change. The FTC added, “As many Americans turn to apps and other technologies to track disease, diagnosis, treatment, medication, fitness, fertility, sleep, mental health, diet and other vital areas, this rule is more important than ever. Companies offering these services should take the necessary precautions to secure and protect consumer data.”
See the full policy statement for additional advice from the FTC.