Steven Roosa is a Partner in our New York office
Speakers:
- FTC Commissioner, Julie Brill
- Merck Chief Privacy Officer, Hilary Wandall
- Dr. Joseph Calandrino, PhD., Elysium Digital (plaintiff's computer science expert in the Hulu case)
- Et al.
With the Food and Drug Administration (FDA) deciding not to actively regulate health and wellness apps as mobile medical devices, companies breathed a collective sigh of relief, believing that the area is now "deregulated." As it turns out, however, this theory is completely incorrect and has lulled many businesses into a false sense that no regulator is watching their actions. Nothing could be further from the truth.
Enter the Federal Trade Commission (FTC).
The FTC has formidable technical expertise, a stable of enforcement attorneys, and an avowed focus on the health and wellness segment. While device and pharmaceutical companies are accustomed to a regulatory focus on product safety (the FDA's primary concern), they have, historically, not had to worry so much about unfair and deceptive practices from the standpoint of online privacy and security (the FTC's primary focus regarding Health and Wellness apps).
The risk with health and wellness apps is that companies will not realize the large amount of data that their apps collect and share with third-parties, such as advertising entities, analytics companies, social networks, and hosted solutions. This data includes not just personal information, but also technical data that enables those who receive it to identity the end-user or track the end-user over time and across other apps. The FTC has routinely sought enforcement against companies whose apps contradict their own privacy policies or share data in ways that are insecure or unexpected by the end-user. The FTC has also discussed privacy and security concerns regarding medical devices in its report on the Internet of Things, as well as a public presentation on privacy issues in the health and wellness apps area, and during a recent Congressional hearing.
The FTC is not the only regulator interested in this field. With health and wellness apps, there is also the possibility of inadvertently triggering the Health Insurance Portability and Accountability Act (HIPAA). Likewise, the plaintiff's class action bar, for its part, has brought suit against app publishers generally based on an assortment of federal and state statutes, with varying degrees of success.
What can companies do to reduce these risks?
The best way to minimize these risks is through education, awareness, and risk mitigation strategies. To this end, please join us at AdvaMed's day-long, intensive workshop on April 22nd, addressing:
- Hands-on, technical testing of health and wellness apps, and practical solutions for privacy and security issues
- Shortcomings in de-identification schemes and methods to improve them
- FDA and FTC regulatory oversight of mobile medical devices and apps FTC
- HIPAA compliance issues and mobile app design
- Legislative horizon
Hope to see you there!
For questions or more information, please contact
steven.roosa@hklaw.com
Find registration information here.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
