‘No data more personal’: Patients, digital health players weigh in on the FTC’s data privacy plan

This year has seen the Federal Trade Commission crack down on digital health companies’ irresponsible data use. Since February, it has charged four companies with improperly handling sensitive health information — starting with the first-ever enforcement of its long-stagnant Health Breach Notification Rule, against GoodRx.

Now, the FTC is arming itself for even more aggressive enforcement. In June, it proposed changes to the Health Breach Notification Rule that would clarify its ability to regulate digital health companies and their use of health data — filling in some of the gaps left by the patient privacy law HIPAA, which in many cases doesn’t cover the fast-growing world of online and app-based health and wellness services.

“The FTC is seeking to put developers of these kind of apps on notice that they, too, have responsibilities to protect health data,” said Angie Matney, counsel focused on data privacy at the law firm Reed Smith.

STAT+ Exclusive Story

Already have an account? Log in

This article is exclusive to STAT+ subscribers

Unlock this article — and get additional analysis of the technologies disrupting health care — by subscribing to STAT+.

Already have an account? Log in

Already have an account? Log in

Individual plans

Group plans

Monthly

$39

Totals $468 per year

$39/month Get Started

Totals $468 per year

Starter

$30

for 3 months, then $39/month

$30 for 3 months Get Started

Then $39/month

Annual

$399

Save 15%

$399/year Get Started

Save 15%

11+ Users

Custom

Savings start at 25%!

Request A Quote Request A Quote

Savings start at 25%!

2-10 Users

$300

Annually per user

$300/year Get Started

$300 Annually per user

View All Plans

Get unlimited access to award-winning journalism and exclusive events.

Subscribe

Log In