Law.com Subscribers SAVE 30%
Call 855-808-4530 or email [email protected] to receive your discount on a new subscription.
Data Privacy and Security Considerations for Mobile Health App Developers and Their Counsel
In the wake of the Supreme Court's landmark decision in Dobbs v. Jackson Women's Health Organization, issues surrounding the privacy and security of health information have been top of mind for health care providers, consumers, and legislators. The Department of Health and Human Services Office for Civil Rights (OCR), the Federal Trade Commission (FTC), and the California Attorney General have all released guidance addressing the collection, storage, and use of sensitive information concerning reproductive health, signaling increased enforcement in this area. Proposed federal legislation would impose additional obligations on providers of apps and devices that store health and location data. In light of the evolving legal and regulatory landscape, app developers and their counsel should examine developers' privacy and security practices and take steps to safeguard sensitive data related to reproductive health.
|OCR Guidance
OCR recently released guidance aimed at health care providers covered by the HIPAA Privacy Rule and their business associates. It clarifies that while the Privacy Rule permits certain disclosures of protected health information (PHI) without an individual's authorization that are not directly related to health care, these disclosures are subject to certain limitations. In particular, a disclosure of PHI that is required by another law is limited to "a mandate contained in law that compels an entity to make a use or disclosure of PHI and that is enforceable in a court of law," and the entity can only disclose the information that is required to be disclosed under that law. The guidance also addresses disclosures for law enforcement purposes (generally such a disclosure would be a breach of unsecured PHI unless it is made pursuant to "a court order or other mandate enforceable in a court of law"), as well as permitted disclosures made to avert a serious threat to health or safety (generally, these would not include disclosures concerning an individual's interest in or attempt to receive an abortion or other reproductive health care).
|FTC Commitments Related to Health and Location Data
On July 11, 2022, the FTC published a blog post by Kristin Cohen, Acting Associate Director, FTC Division of Privacy & Identity Protection, which reaffirms the FTC's commitment to enforcing the law against illegal use and sharing of highly sensitive data. The post discusses automatically-generated location information, as well as sensitive health information generated by individuals as they use their electronic devices. The post states that the combination of location data and user-generated health information "creates a new frontier of potential harms to consumers." It goes on to describe the "shadowy" ad tech and data broker ecosystem, where "staggering" amounts of information are collected and shared in ways consumers might not expect.
This premium content is locked for Entertainment Law & Finance subscribers only
ENJOY UNLIMITED ACCESS TO THE SINGLE SOURCE OF OBJECTIVE LEGAL ANALYSIS, PRACTICAL INSIGHTS, AND NEWS IN ENTERTAINMENT LAW.
- Stay current on the latest information, rulings, regulations, and trends
- Includes practical, must-have information on copyrights, royalties, AI, and more
- Tap into expert guidance from top entertainment lawyers and experts
Already a have an account? Sign In Now Log In Now
For enterprise-wide or corporate acess, please contact Customer Service at [email protected] or 877-256-2473
'Huguenot LLC v. Megalith Capital Group Fund I, L.P.': A Tutorial On Contract Liability for Real Estate Purchasers
In June 2024, the First Department decided Huguenot LLC v. Megalith Capital Group Fund I, L.P., which resolved a question of liability for a group of condominium apartment buyers and in so doing, touched on a wide range of issues about how contracts can obligate purchasers of real property.
Strategy vs. Tactics: Two Sides of a Difficult Coin
With each successive large-scale cyber attack, it is slowly becoming clear that ransomware attacks are targeting the critical infrastructure of the most powerful country on the planet. Understanding the strategy, and tactics of our opponents, as well as the strategy and the tactics we implement as a response are vital to victory.
CoStar Wins Injunction for Breach-of-Contract Damages In CRE Database Access Lawsuit
Latham & Watkins helped the largest U.S. commercial real estate research company prevail in a breach-of-contract dispute in District of Columbia federal court.
The Article 8 Opt In
The Article 8 opt-in election adds an additional layer of complexity to the already labyrinthine rules governing perfection of security interests under the UCC. A lender that is unaware of the nuances created by the opt in (may find its security interest vulnerable to being primed by another party that has taken steps to perfect in a superior manner under the circumstances.