FTC’s Heightened Scrutiny of Health Apps: Increased Enforcement Activity; Proposed HBNR Changes
Expanded Scope; Stringent Notice Requirements; Costly Penalties
Recording of a 90-minute CLE video webinar with Q&A
This CLE webinar will address the FTC's increased enforcement activity against health app companies collecting or using consumer health information and its recently proposed changes to the Health Breach Notification Rule (HBNR), including revised definitions expanding the HBNR's reach and more stringent breach notice requirements. Our panel will discuss the implications of the proposed rule changes and best practices for compliance.
- Purpose of the HBNR
- FTC's September 2021 policy notice
- FTC's 2023 enforcement activity against health app companies
- Section 5
- Easy Healthcare/Premom
- FTC's HBNR proposed rule changes
- Revised definitions and implications
- Updated breach notice requirements
- Best practices for compliance
- Review and revise company policies related to collecting and using consumer health information
- Understand the impact of third-party service agreements and negotiate these for compliance
- Monitor FTC activity
The panel will review these and other key issues:
- When is a company subject to the HBNR?
- What should counsel keep in mind when assisting clients with their internal policy review to ensure HBNR compliance?
- What are best practices for guiding clients through the third-party due diligence process to examine vendor privacy policies and data handling?
- What should counsel consider when negotiating/drafting service agreements and terms of service with third parties with whom clients may be sharing consumer health information?
Scott T. Lashway
Partner, Co-Leader Privacy and Data Security Practice Group
Manatt, Phelps & Phillips
Mr. Lashway has established himself as one of the nation’s leading cybersecurity and data privacy advisers as... | Read More
Mr. Lashway has established himself as one of the nation’s leading cybersecurity and data privacy advisers as well as a go-to counsel for significant disputes and investigations. Focusing much of his practice on the intersections of law, corporate data and technology, Mr. Lashway is well known for advising clients to anticipate and manage data governance, privacy and security risks across a variety of industries by deftly guiding them through proactive advisory work, incident response and breach investigations, litigation, and government investigations and enforcement actions. His work on cybersecurity and privacy matters dates back two decades and includes a wide variety of matters, including data and IP misappropriation; unauthorized access, acquisition and misuse; hacking; and technology disruptions. While Mr. Lashway represents clients in a large range of industries, he has a significant focus on the healthcare, financial services and technology sectors.Close
Alice B. Leiter
Manatt, Phelps & Phillips
Ms. Leiter focuses on health information privacy, new data use cases, data policy and health regulatory issues. She... | Read More
Ms. Leiter focuses on health information privacy, new data use cases, data policy and health regulatory issues. She advises academic medical centers, plans, providers and information technology companies on a wide range of compliance and policy issues for data not covered by the Health Insurance Portability and Accountability Act (HIPAA) and related state privacy laws. Before joining the firm, Ms. Leiter served as vice president and senior counsel to Executives for Health Innovation in Washington, D.C., where she helped develop a privacy framework to govern health data not covered by HIPAA.Close