Photo of Jennifer Romig

For decades, health care providers that are subject to both HIPAA and to the specialized Confidentiality of Substance Use Disorder (“SUD”) Patient Records regulations (known as “Part 2”) have had to navigate differing, and at times divergent, privacy and confidentiality rules applicable to patient health information and patient records. These disparate privacy rules have, for many

Modern smartphones, wearables and internet-enabled devices are capable of monitoring heart rate, blood oxygen levels, steps taken, prescription adherence, and other vital health-related activities. Contrary to popular belief, HIPAA does not cover many of these applications and devices. On September 15, 2021, the Federal Trade Commission issued a Policy Statement attempting to assert authority to police that gap.  The Policy Statement explains the FTC’s view that the Health Breach Notification Rule applies to mobile health applications. This Policy Statement signals increasing FTC scrutiny designed to safeguard sensitive health data on a variety of modern technologies that consumers use to monitor and improve their health.
Continue Reading FTC Warns Health Apps and Connected Device Companies to Comply With Health Breach Notification Rule