FTC’s Heightened Scrutiny of Health Apps: Increased Enforcement Activity; Proposed HBNR Changes
Expanded Scope; Stringent Notice Requirements; Costly Penalties

Course Details
- Format: On-Demand
- Difficulty Level: Intermediate
- Practice Area: Health
- Date: Wednesday, August 23, 2023
- Time: 1:00 p.m. ET/10:00 a.m. PT
- Program Length: 90 minutes
This 90-minute webinar is eligible in most states for 1.5 CLE credits.
This CLE webinar will address the FTC's increased enforcement activity against health app companies collecting or using consumer health information and its recently proposed changes to the Health Breach Notification Rule (HBNR), including revised definitions expanding the HBNR's reach and more stringent breach notice requirements. Our panel will discuss the implications of the proposed rule changes and best practices for compliance.
Faculty

Mr. Lashway has established himself as one of the nation’s leading cybersecurity and data privacy advisers as well as a go-to counsel for significant disputes and investigations. Focusing much of his practice on the intersections of law, corporate data and technology, Mr. Lashway is well known for advising clients to anticipate and manage data governance, privacy and security risks across a variety of industries by deftly guiding them through proactive advisory work, incident response and breach investigations, litigation, and government investigations and enforcement actions. His work on cybersecurity and privacy matters dates back two decades and includes a wide variety of matters, including data and IP misappropriation; unauthorized access, acquisition and misuse; hacking; and technology disruptions. While Mr. Lashway represents clients in a large range of industries, he has a significant focus on the healthcare, financial services and technology sectors.

Ms. Leiter focuses on health information privacy, new data use cases, data policy and health regulatory issues. She advises academic medical centers, plans, providers and information technology companies on a wide range of compliance and policy issues for data not covered by the Health Insurance Portability and Accountability Act (HIPAA) and related state privacy laws. Before joining the firm, Ms. Leiter served as vice president and senior counsel to Executives for Health Innovation in Washington, D.C., where she helped develop a privacy framework to govern health data not covered by HIPAA.
Description
Recent events demonstrate the FTC's increased scrutiny of and enforcement efforts against health app companies collecting or using consumer health information. In September 2021, the FTC issued a policy notice affirming that health app companies collecting or using consumers' health information are covered by the HBNR and are subject to its notice requirements.
In early 2023, the FTC took its first two enforcement actions against health app companies--GoodRx and Easy Healthcare (Premom)--accusing each company of engaging in unfair and deceptive practices in violation of Section 5 by misrepresenting their privacy policies and sharing users' identifiable health information with third-party advertisers without proper consumer notice or authorization. This unauthorized release of information constituted a breach that was not reported by either company in further violation of the HBNR. The companies were subject to costly penalties.
On May 18, 2023, the FTC proposed changes to the HBNR, which would formalize the FTC's stance indicated in its prior policy statement and demonstrated in the two enforcement actions. The proposed rule includes revised definitions enhancing the scope of the HBNR and updated notice requirements.
Listen as our expert panel discusses the FTC's increased HBNR regulatory activity and the implications of the proposed HBNR rule changes. The panel will also discuss best practices for mitigating risk and ensuring compliance.
Outline
- Purpose of the HBNR
- FTC's September 2021 policy notice
- FTC's 2023 enforcement activity against health app companies
  - Section 5
  - GoodRx
  - Easy Healthcare/Premom
- FTC's HBNR proposed rule changes
  - Revised definitions and implications
  - Updated breach notice requirements
- Best practices for compliance
  - Review and revise company policies related to collecting and using consumer health information
  - Understand the impact of third-party service agreements and negotiate these for compliance
  - Monitor FTC activity
Benefits
The panel will review these and other key issues:
- When is a company subject to the HBNR?
- What should counsel keep in mind when assisting clients with their internal policy review to ensure HBNR compliance?
- What are best practices for guiding clients through the third-party due diligence process to examine vendor privacy policies and data handling?
- What should counsel consider when negotiating/drafting service agreements and terms of service with third parties with whom clients may be sharing consumer health information?