January 28, 2023

Volume XIII, Number 28

Advertisement

January 27, 2023

Subscribe to Latest Legal News and Analysis

January 26, 2023

Subscribe to Latest Legal News and Analysis

January 25, 2023

Subscribe to Latest Legal News and Analysis
Advertisement

FTC and Other Regulators Continue to Signal Interest in Mobile Health Apps

The FTC is closing out 2022 with additional guidance for mobile health app developers signaling its continued interest in this industry. Since 2021, we have seen several steps from the agency demonstrating a focus on companies that collect health information but may not be a covered entity or business associate under HIPAA. This includes publishing additional resources, releasing commentary broadly interpreting the FTC’s Health Breach Notification Rule, and enforcement activity. Most recently, the FTC and other key regulators updated its “Mobile Health App Interactive Tool”.

Companies may use this tool to evaluate whether their mobile health app falls triggers HIPAA, the FTC Act, the Food Drug and Cosmetic Act (FD&C Act), the 21st Century Cures Act and ONC Information Blocking Regulations, the FTC’s Health Breach Notification Rule, and COPPA. Previously, the tool largely focused on applicability of HIPAA, the FTC Act, and the FD&C Act. This resource, which has existed for several years, includes new questions and considerations. The questions posed in the tool also contemplate more specific examples and use cases than before.

Putting it into Practice. Companies collecting health information are reminded of the myriad of laws (both federal and state) that may apply. The updated mobile health interactive tool can be used by organizations as an initial starting point in evaluating potential laws. Given emerging new laws (like the Information Blocking Regulations) and the broad interpretation of existing laws (like the FTC Health Breach Notification Rule) now is a good time for companies to re-access whether they are complying with all relevant laws. These additional resources also signal that the FTC is likely to have increased expectations of companies in the forthcoming year. Companies are also reminded of forthcoming state comprehensive privacy laws – several of which introduce concepts around the collecting of “sensitive” information. Both California and Virginia’s laws, coming into effect January 1, 2023, have requirements for collecting sensitive (or health) information if no exceptions apply.

Copyright © 2023, Sheppard Mullin Richter & Hampton LLP.National Law Review, Volume XII, Number 342
Advertisement
Advertisement
Advertisement

About this Author

Julia Kadish is an attorney in the Intellectual Property Practice Group in the firm's Chicago office.

Areas of Practice

Julia's practice focuses on data breach response and preparedness, reviewing clients' products and services for privacy implications, drafting online terms and conditions and privacy policies, and advising clients on cross-border data transfers and compliance with US and international privacy regulations and standards. She also workes on drafting and negotiating software licenses, data security exhibits, big data licenses, professional...

312.499.6334
Advertisement
Advertisement
Advertisement