Alaap B. Shah, Lisa Pierce Reisz, and Avery Schumacher, attorneys in the Health Care & Life Sciences practice, in the firm’s Washington, DC, and Columbus offices, co-authored an article in OneTrust DataGuidance, titled “USA: Health Data Laws - Update and Impact on Organizations.” (Read the full version – subscription required.)

Following is an excerpt:

The prevalence of digital health services in the US has grown dramatically in recent years, prompted by factors such as the COVID-19 pandemic along with technological advancements in cloud computing, mobile applications, wearable devices, artificial intelligence (AI), and medical research. As the healthcare ecosystem rapidly digitizes health data to fuel these technological advancements, lawmakers and regulators seek to address evolving privacy and security challenges.

In this Insight article, Alaap Shah, Lisa Pierce Reisz, and Avery Schumacher, from Epstein Becker & Green, P.C., explore the evolving federal legal landscape governing health data in the US through the lens of the regulatory agencies responsible for oversight and enforcement of the relevant laws and regulations. The article also describes related implications for organizations whose activities involve the collection, use, or disclosure of health information. A separate article examining state laws and legislation is forthcoming.

Federal Trade Commission

The Federal Trade Commission (FTC) has been a chief federal agency protecting consumers' privacy interests as technology rapidly changes and raises new privacy challenges. The FTC's overall enforcement approach has been to use law enforcement, policy initiatives, and consumer and business education to protect consumers' personal information. 

Health Breach Notification Rule

In addition to its broad authority under Section 5 of the Federal Trade Commission Act (the FTC Act) with respect to unfair and deceptive trade practices, the Health Breach Notification Rule (HBNR) is the key authority the FTC leverages to enforce in the context of health data.  …

Jump to Page

Privacy Preference Center

When you visit any website, it may store or retrieve information on your browser, mostly in the form of cookies. This information might be about you, your preferences or your device and is mostly used to make the site work as you expect it to. The information does not usually directly identify you, but it can give you a more personalized web experience. Because we respect your right to privacy, you can choose not to allow some types of cookies. Click on the different category headings to find out more and change our default settings. However, blocking some types of cookies may impact your experience of the site and the services we are able to offer.

Strictly Necessary Cookies

These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.

Performance Cookies

These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.