- Chief Compliance Officer and VP of Legal Affairs, Arrow Electronics
By 
Adrianne Appel2024-04-26T18:49:00
Mobile health applications and similar technologies must notify customers following a data breach or risk violating the Federal Trade Commission’s (FTC) health breach notification rule (HBNR), part of a broad update approved by the agency.
Many providers of direct health services, such as hospitals and doctors, are required to protect personal information under the Health Insurance Portability and Accountability Act (HIPAA). The HBNR pertains to health entities not beholden to HIPAA, such as certain vendors of health records, and requires them to notify individuals about data incidents.
The FTC has applied the HBNR to mobile health applications, as its recent enforcement actions against GoodRx and Easy Healthcare show.
THIS IS MEMBERS-ONLY CONTENT. To continue reading, choose one of the options below.
News and analysis for the well-informed compliance or audit exec. Select an option and click continue.
Annual Membership $499 Value offer
Full price one year membership with auto-renewal.
Membership $599
One-year only, no auto-renewal.
The Department of Justice and Federal Trade Commission proposed telehealth company Cerebral pay a total of $7 million for its alleged sharing of patient data and deceptive business practices in violation of the FTC Act.
UnitedHealth Group’s response to a major cyberattack in February that wreaked havoc with medical payments nationwide has been “inadequate” and must be improved immediately, a group of 22 state attorneys general told the company.
Kitchen and home retail company Williams-Sonoma agreed to pay nearly $3.2 million for failing to comply with a 2020 administrative order by the Federal Trade Commission prohibiting its marketing of imported goods as made in the United States.
Any product that uses AI needs to be safety assessed for its entire lifespan under new rules that went into effect recently across the EU. Experts warned companies using AI to tailor products could be classed as “manufacturers” and face the same duty of care as developed.
When lawmakers slam the U.K.’s chief financial regulator as “incompetent,” it not only opens the doors for others to pile criticism on it, but it sparks a debate about how the organization can be improved–or removed.
The U.K. Financial Conduct Authority apologized to investors in peer-to-peer investment firm Collateral for not acting swiftly enough to prevent Collateral from defrauding its customers.
