Personal Health Information

On February 1, 2023, the Federal Trade Commission announced that it entered into a proposed order with GoodRx, a telehealth and prescription drug discount provider, for violations of the FTC’s Health Breach Notification Rule stemming from GoodRx’s unauthorized disclosures of consumers’ personal health information to third party advertisers and other companies.
Continue Reading GoodRx to Pay $1.5 Million in First Ever FTC Health Breach Notification Rule Enforcement Action

On December 1, 2022, the Office for Civil Rights at the U.S. Department of Health and Human Services released a Bulletin on the obligations of HIPAA covered entities and business associates under the HIPAA Privacy, Security, and Breach Notification Rules when using online tracking technologies.
Continue Reading HHS Releases Bulletin on Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates

On October 18, 2022, the New York State Department of Financial Services announced that EyeMed Vision Care LLC agreed to a $4.5 million settlement for violations of the Cybersecurity Regulation that contributed to the exposure of hundreds of thousands of consumers’ health data in connection with a cybersecurity event in 2020.
Continue Reading NYDFS Fines EyeMed $4.5 Million for Cybersecurity Violations

On May 26, 2022, California Attorney General Rob Bonta issued a press release reminding health app providers that California’s Confidentiality of Medical Information Act applies to mobile apps that are designed to store medical information, which includes health apps such as fertility trackers.
Continue Reading California Attorney General Reminds Health App Providers of Obligations to Protect Reproductive Health Information