By: Editorial Staff, Date: September 14th, 2021

Health apps have become wildly popular in the past decade, serving as a way for people to more easily monitor their diet, exercise, sleep patterns, and beyond. The fact that many of these applications collect sensitive personal information from their users, though, is cause for security concerns. Now, the U.S. Federal Trade Commission (FTC) is warning that any app that collects personal health information from its users must notify those users if their data is breached or otherwise shared with third parties without the user’s permission.


Since 2009, the Health Breach Notification Rule has required companies that handle health records to notify their consumers in the event of a data breach. In a 3-2 vote that took place on September 15, the FTC decided to extend that policy to digital applications and devices as well.

Speaking on the new policy, FTC chair Lina Khan said, “Digital apps are routinely caught playing fast and loose with user data, leaving users’ sensitive health information susceptible to hacks and breaches.”

The new ruling covers more than data breaches that result from a cybersecurity intrusion, though. Companies will also be required to notify their users of any instance of unauthorized data access, including instances where data is shared without permission.

In recent years, numerous health applications have compromised the sensitive data of their users. Last year, UK AI chatbot and telehealth startup Babylon Health suffered a “software error” that allowed users to access the video consultations of other patients. The period tracking app Flo, meanwhile, was recently caught sharing its users’ health data with third-party marketing and analytics services without permission.

Going forward, though, health applications that fail to notify their users when their data is breached or otherwise shared without authorization will be subject to hefty fines. According to the FTC, companies that don’t comply with the new rule will be fined $43,792 per violation per day.
