The Federal Trade Commission (FTC) recently announced two proposed settlement agreements (in the form of a stipulated order)1 (the “consent orders”) with Monument, Inc., an alcohol addiction treatment service, and Cerebral, Inc., a subscription-based online health care treatment service, signaling the FTC’s continued commitment to pursue digital health companies that the FTC believes have improperly used or disclosed consumers’ health information. The complaints focus on the companies’ disclosure of consumers’ health information to advertising platforms without the consumers’ consent, as well as Cerebral’s alleged failure to honor its “easy” subscription cancellation promises. Of note, the FTC complaint against Cerebral named its CEO personally liable for his alleged involvement with the counts raised in the complaint. The CEO has not agreed to a settlement and the case will proceed in the district court.Continue Reading FTC Announces Proposed Settlement Agreements with Two Digital Health Companies for Disclosing Consumers’ Health Information to Third-Party Advertisers, Among Other Violations

On July 20, 2023, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) and the Federal Trade Commission (FTC) sent a joint letter to approximately 130 hospitals, telehealth providers, health app developers, and other healthcare industry companies warning of the “serious privacy and security risks” related to the use of online tracking technologies integrated into their websites and mobile apps. The FTC released a press release about the joint letter here and OCR released a press release about the joint letter here.Continue Reading OCR and FTC Issue Joint Letter to Healthcare Companies Warning About Online Tracking Technologies

On April 27, 2023, Washington State Governor Jay Inslee signed a far-reaching health privacy law entitled the “My Health My Data Act” (the Act), which extends protections to consumer health data collected by

Continue Reading Washington State Governor Signs Sweeping Health Privacy Act (My Health My Data Act) into Law

On March 2, 2023, the Federal Trade Commission (FTC) announced a proposed settlement agreement (also referred to as “proposed consent order”) with BetterHelp, Inc., an online counseling service, for allegedly disclosing its website visitors’ and

Continue Reading FTC Announces Settlement with BetterHelp for Disclosing Consumers’ Health Information to Third-Party Advertisers

On February 1, 2023, the Federal Trade Commission (FTC) announced a complaint against and proposed settlement agreement (the “proposed order”) with GoodRx, a digital health company, over its data sharing practices that allegedly

Continue Reading FTC Announces First Enforcement Action Under the Health Breach Notification Rule Against GoodRx

COVID-19 has rapidly accelerated our expectations that virtual connection can deliver better and more economical care. As a result, digital health companies have an unprecedented opportunity to innovate, but with that opportunity also comes significant regulatory challenges related to the collection and processing of personal health information. What legal requirements apply to processing of health information? What are the risks associated with noncompliance? In this brief primer, we provide answers to these questions, and a window to what may lay next on the horizon.
Continue Reading Privacy and Security of Health Information: A Primer for Digital Health Companies