- Chief Compliance Officer and VP of Legal Affairs, Arrow Electronics
By 
Kyle Brasseur2023-07-21T16:15:00
The Federal Trade Commission (FTC) and Department of Health and Human Services sent letters to approximately 130 hospital systems and telehealth providers regarding potential patient privacy violations and security risks stemming from online tracking technologies.
The use of technology such as the Meta pixel code snippet or Google Analytics could “gather identifiable information about users, usually without their knowledge and in ways that are hard for users to avoid, as users interact with a website or mobile app,” said the agencies in a joint press release Thursday.
Unauthorized disclosure of an individual’s personal health information to third parties could violate the Health Insurance Portability and Accountability Act, while companies not covered by HIPAA still have a responsibility to protect against such disclosure under laws including the FTC Act and Health Breach Notification Rule, the agencies warned.
THIS IS MEMBERS-ONLY CONTENT. To continue reading, choose one of the options below.
News and analysis for the well-informed compliance or audit exec. Select an option and click continue.
Annual Membership $499 Value offer
Full price one year membership with auto-renewal.
Membership $599
One-year only, no auto-renewal.
The Department of Justice and Federal Trade Commission proposed telehealth company Cerebral pay a total of $7 million for its alleged sharing of patient data and deceptive business practices in violation of the FTC Act.
Mobile health applications and similar technologies must notify customers following a data breach or risk violating the Federal Trade Commission’s health breach notification rule.
Doctors’ Management Service agreed to pay $100,000 in settling the first ransomware agreement under the Health Insurance Portability and Accountability Act reached by the Department of Health and Human Services’ Office for Civil Rights.
An alleged software mastermind of the notorious LockBit ransomware group will soon be extradited to the United States to stand trial on charges that his criminal enterprise extorted at least half a billion dollars from victims worldwide, including U.S. businesses and hospitals, the Department of Justice (DOJ), said.
Purported “testimonial and review” service Rytr agreed to stop selling its program that used artificial intelligence to create fake content as part of a consent order with the Federal Trade Commission.
Bank of America avoided a monetary penalty in agreeing to settle charges with the Treasury Department’s Office of the Comptroller of the Currency but was ordered to shore up previously disclosed deficiencies in its Bank Secrecy Act/anti-money laundering (BSA/AML) and sanctions compliance programs.
