Health Privacy

FTC Announces Proposed Order against BetterHelp for Disclosing Sensitive Mental Health Information to Third Parties for Targeted Advertising Purposes

Posted on March 6, 2023

Posted in Health Privacy, Online Privacy

On March 2, 2023, the FTC announced a proposed order against BetterHelp, Inc., an online mental health counseling service, for sharing consumer data, including sensitive mental health information, with third parties for targeted advertising and other purposes. …
Continue Reading FTC Announces Proposed Order against BetterHelp for Disclosing Sensitive Mental Health Information to Third Parties for Targeted Advertising Purposes

Illinois Federal Court Rules that BIPA Health Care Exemption Applies to Sunglasses Virtual Try-On Tool

Posted on February 17, 2023

Posted in Health Privacy, Information Security, U.S. State Law

On February 10, 2023, an Illinois federal district court ordered the dismissal of a putative class action lawsuit alleging that an online tool that allowed users to virtually try on sunglasses violated the Illinois Biometric Privacy Act. …
Continue Reading Illinois Federal Court Rules that BIPA Health Care Exemption Applies to Sunglasses Virtual Try-On Tool

GoodRx to Pay $1.5 Million in First Ever FTC Health Breach Notification Rule Enforcement Action

Posted on February 3, 2023

Posted in Cybersecurity, Enforcement, Health Privacy, Information Security, Security Breach

On February 1, 2023, the Federal Trade Commission announced that it entered into a proposed order with GoodRx, a telehealth and prescription drug discount provider, for violations of the FTC’s Health Breach Notification Rule stemming from GoodRx’s unauthorized disclosures of consumers’ personal health information to third party advertisers and other companies.
Continue Reading GoodRx to Pay $1.5 Million in First Ever FTC Health Breach Notification Rule Enforcement Action

HHS Releases Bulletin on Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates

Posted on December 19, 2022

Posted in Health Privacy, Information Security, Online Privacy, Security Breach

On December 1, 2022, the Office for Civil Rights at the U.S. Department of Health and Human Services released a Bulletin on the obligations of HIPAA covered entities and business associates under the HIPAA Privacy, Security, and Breach Notification Rules when using online tracking technologies. …
Continue Reading HHS Releases Bulletin on Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates

FTC Releases Updated Mobile Health App Compliance Tool

Posted on December 16, 2022

Posted in Health Privacy, Information Security, U.S. Federal Law

On December 7, 2022, the Federal Trade Commission released an updated Mobile Health App Interactive Tool to help developers determine what federal laws and regulations apply to apps that collect and process health data.
Continue Reading FTC Releases Updated Mobile Health App Compliance Tool

Pennsylvania Amends Breach Notification Law

Posted on November 14, 2022

Posted in Health Privacy, Information Security, Online Privacy, Security Breach, U.S. State Law

On November 3, 2022, Pennsylvania Governor Tom Wolf singed Senate Bill 636 into law, amending Pennsylvania’s breach notification law.
Continue Reading Pennsylvania Amends Breach Notification Law

NYDFS Fines EyeMed $4.5 Million for Cybersecurity Violations

Posted on October 24, 2022

Posted in Cybersecurity, Enforcement, Financial Privacy, Health Privacy, Security Breach

On October 18, 2022, the New York State Department of Financial Services announced that EyeMed Vision Care LLC agreed to a $4.5 million settlement for violations of the Cybersecurity Regulation that contributed to the exposure of hundreds of thousands of consumers’ health data in connection with a cybersecurity event in 2020.
Continue Reading NYDFS Fines EyeMed $4.5 Million for Cybersecurity Violations

New California Laws Enhance Reproductive Health Privacy Protections

Posted on October 17, 2022

Posted in Enforcement, Health Privacy, Information Security

On September 27, 2022, California Governor Gavin Newsom signed into law a pair of bills designed to prevent medical information and other data held by California entities from being used in out-of-state abortion prosecutions.
Continue Reading New California Laws Enhance Reproductive Health Privacy Protections

OCR Announces $300,000 Settlement Related to Improper Disposal of Physical PHI

Posted on September 21, 2022

Posted in Health Privacy, Security Breach, U.S. Federal Law

On August 23, 2022, the U.S. Department of Health & Human Services, Office for Civil Rights announced that it had settled a case involving the disposal of physical protected health information. …
Continue Reading OCR Announces $300,000 Settlement Related to Improper Disposal of Physical PHI

FTC Commences Civil Action Against Data Broker for Selling Geolocation Data

Posted on September 19, 2022

Posted in Enforcement, Health Privacy, Information Security, Marketing

On August 29, 2022, the Federal Trade Commission announced a civil action against digital marketing data broker Kochava Inc. for “selling geolocation data from hundreds of millions of mobile devices that can be used to trace movements of individuals to and from sensitive locations.”…
Continue Reading FTC Commences Civil Action Against Data Broker for Selling Geolocation Data

Menu

Privacy & Information Security Law Blog