9 February 2023

The FTC And Protection Of Health Care Data

Katten Muchin Rosenman LLP

Contributor


Most people, and especially health care providers, are familiar with HIPAA and its relation to protecting the privacy and security of a person's health care information. Now that the Federal Trade Commission (FTC) has taken action for the first time under its Health Breach Notification Rule (which is completely separate from HIPAA), health care providers and other companies engaged in digital health initiatives should recommit to (i) having robust data privacy and security policies and procedures; and (ii) complying with such policies and procedures.

In its press release about its first enforcement action in this area, the FTC points out that GoodRx had insufficient policies, and that the ones it had in place were not being followed. Another noteworthy item (among many in the press release) is that concerns about GoodRx's practices were brought to light by a "consumer watchdog", not as a result of an accidental disclosure of a particular patient's data, a system failure, or a malicious attack by a bad actor (e.g., hack, ransomware).

For additional insight on what to do (and not to do) in the context of health care data privacy and security, review the FTC's full press release and work with health care and data privacy attorneys well-versed in these matters.

GoodRx failed to maintain sufficient policies or procedures to protect its users' personal health information. Until a consumer watchdog publicly revealed GoodRx's actions in February 2020, GoodRx had no sufficient formal, written, or standard privacy or data sharing policies or compliance programs in place.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
