On May 18, the Federal Trade Commission (FTC) proposed changes to the Health Breach Notification Rule (the HBNR or the Rule), including clarifying the rule’s applicability to health apps and other similar technologies. These...more
On May 17, 2023, the Federal Trade Commission (the “FTC”) reached a settlement with Easy Healthcare Corporation (“Easy Healthcare”), for its fertility-tracking app, Premom. The agency alleged that Easy Healthcare failed to...more
5/25/2023
/ Corporate Counsel ,
Data Privacy ,
Data Security ,
Data-Sharing ,
Electronic Protected Health Information (ePHI) ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach Notification Rule ,
Mobile Apps ,
Mobile Health Apps ,
PHI ,
Policy Statement ,
Risk Mitigation
On March 9, 2023, the Securities and Exchange Commission (SEC) reached a settlement with Blackbaud – a client relationship management (CRM) service provider for nonprofits – over allegations that Blackbaud (i) made materially...more
On Thursday, March 2, the FTC announced an enforcement action against BetterHelp, Inc., an online mental health counseling service, relating to claims that the company’s collection and use of consumer health data were unfair...more
3/8/2023
/ Advertising ,
Data Breach ,
Data Privacy ,
Enforcement Actions ,
Enforcement Authority ,
Enforcement Priorities ,
Federal Trade Commission (FTC) ,
FTC Act ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
LGBTQ ,
Mental Health ,
Pharmacies ,
Section 5 ,
Settlement ,
Telehealth ,
Unfair or Deceptive Trade Practices
On February 17, 2023, the state attorneys general of Pennsylvania and Ohio reached a settlement with Ohio-based DNA Diagnostics Center (“DDC”) for a 2021 data breach that affected 2.1 million individuals nationwide and...more
2/23/2023
/ Clinical Laboratories ,
Cybersecurity ,
Data Breach ,
Electronic Protected Health Information (ePHI) ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Laboratories ,
Material Misstatements ,
PHI ,
Settlement ,
State Attorneys General ,
Statutory Violations
On February 1, 2023, the Federal Trade Commission (FTC) reached a settlement with digital health platform GoodRx for sharing users’ personal health information with third parties without properly disclosing their data...more
On December 19, the Federal Trade Commission (FTC) reached two separate record-breaking settlements with Epic Games, Inc. (“Epic”) over allegations, among others, that the Fortnite video game maker knowingly violated the...more
On August 24, 2022, California Attorney General Rob Bonta (“CA AG”) announced a $1.2 million settlement with Sephora, Inc. (“Sephora”), marking the first announced enforcement action under the California Consumer Privacy Act...more
On May 16, 2022, the European Data Protection Board (EDPB), the independent body of data protection supervisors that promotes consistent data protection rules and application thereof throughout the European Union (EU),...more
5/31/2022
/ Artificial Intelligence ,
Biometric Information ,
Corporate Counsel ,
Corporate Fines ,
Data Protection Authority ,
Enforcement Actions ,
EU ,
European Data Protection Board (EDPB) ,
Facial Recognition Technology ,
General Data Protection Regulation (GDPR) ,
Law Enforcement ,
New Guidance ,
Personal Data ,
Right to Privacy
The Federal Trade Commission (FTC) reached a settlement with WW International Inc., formerly known as Weight Watchers (WW), over allegations that the company collected children’s information without parental consent in...more
On January 15, 2021, the Fifth Circuit vacated a $4.3 million penalty that the Office of Civil Rights (OCR) at the Department of Health and Human Services (HHS) had issued against the University of Texas M.D. Anderson Cancer...more