FTC to Industry: Consumer Health Data Subject to Privacy, Security Protections

May 4, 2015 – The Federal Trade Commission (FTC) has issued a reminder to industry members collecting, using or sharing consumer health data which states that the FTC has the authority “to take action against a wide variety of deceptive or unfair practices by app developers, device manufacturers and others,” and describes three recent FTC law enforcement actions.

In this piece, published April 27 on the FTC Website, the FTC applauds the fact that consumers “are taking a more active role in managing their health information” because new products and services allow them increased engagement, but the agency also comments that there are privacy and security considerations that must be addressed. For example, companies should be aware of whether they are subject to providing safeguards under the Health Insurance Portability and Accountability Act (HIPAA).

Three recent settlements are described in the FTC document, authored by Cora Han:

  • PaymentsMD.  The FTC settled allegations that a medical billing company collected consumers’ personal medical information without their consent.
  • GMR Transcription Services.  That settlement involved allegations that a medical transcription company outsourced services to a third party without adequately checking to make sure it could implement reasonable security measures.
  • Accretive Health.  According to that settlement, a company providing medical billing and revenue management services to hospitals put consumers’ personal information at risk by (among other things) transporting laptops with sensitive data in a way that made them vulnerable to theft. The FTC also said the company gave access to personal information to employees who didn’t need it do their jobs.

The FTC adds that the Food and Drug Administration (FDA) plays a role in regulating apps “that are medical devices and could pose a risk to patients’ safety if they don’t function as intended.” Finally, the FTC states that “sound privacy and security practices are a key component in building consumer confidence in this new marketplace.”