Navigating HIPAA, FTC Act, and Health Breach Compliance: New Guidance for Businesses

The Federal Trade Commission (FTC) recently released new guidance on HIPAA, the FTC Act, and health breaches, set out in a document titled “Collecting, Using, or Sharing Consumer Health Information? Look to HIPAA, the FTC Act, and the Health Breach Notification Rule.”

As noted by law firm Rivkin Radler LLP, the guidance is aimed at businesses that collect, use, or share consumer health information. These entities are, or should be, familiar with adhering to the Health Insurance Portability and Accountability Act (HIPAA) and its Privacy, Security, and Breach Notification Rules.

However, the new guidance underlines that the Federal Trade Commission Act (FTC Act) and the FTC’s Health Breach Notification Rule are also critical compliance considerations. Where these regulatory standards intersect, they can create complex scenarios that require careful navigation to ensure legal adherence and consumer protection.

The FTC’s guidance underscores the need for businesses handling consumer health information to be aware of, and to properly manage, the cumulative legal duties arising from these different regulations. A comprehensive approach to data privacy and health information handling is therefore recommended for businesses in this sphere, so that they can comply with these regulations and prevent breach incidents.