Law.com Subscribers SAVE 30%
Call 855-808-4530 or email [email protected] to receive your discount on a new subscription.
Data Privacy and Security Considerations for Mobile Health App Developers and Their Counsel
In the wake of the Supreme Court's landmark decision in Dobbs v. Jackson Women's Health Organization, issues surrounding the privacy and security of health information have been top of mind for health care providers, consumers, and legislators. The Department of Health and Human Services Office for Civil Rights (OCR), the Federal Trade Commission (FTC), and the California Attorney General have all released guidance addressing the collection, storage, and use of sensitive information concerning reproductive health, signaling increased enforcement in this area. Proposed federal legislation would impose additional obligations on providers of apps and devices that store health and location data. In light of the evolving legal and regulatory landscape, app developers and their counsel should examine developers' privacy and security practices and take steps to safeguard sensitive data related to reproductive health.
OCR Guidance
OCR recently released guidance aimed at health care providers covered by the HIPAA Privacy Rule and their business associates. It clarifies that while the Privacy Rule permits certain disclosures of protected health information (PHI) without an individual's authorization that are not directly related to health care, these disclosures are subject to certain limitations. In particular, a disclosure of PHI that is required by another law is limited to "a mandate contained in law that compels an entity to make a use or disclosure of PHI and that is enforceable in a court of law," and the entity can only disclose the information that is required to be disclosed under that law. The guidance also addresses disclosures for law enforcement purposes (generally such a disclosure would be a breach of unsecured PHI unless it is made pursuant to "a court order or other mandate enforceable in a court of law"), as well as permitted disclosures made to avert a serious threat to health or safety (generally, these would not include disclosures concerning an individual's interest in or attempt to receive an abortion or other reproductive health care).
FTC Commitments Related to Health and Location Data
On July 11, 2022, the FTC published a blog post by Kristin Cohen, Acting Associate Director, FTC Division of Privacy & Identity Protection, which reaffirms the FTC's commitment to enforcing the law against illegal use and sharing of highly sensitive data. The post discusses automatically-generated location information, as well as sensitive health information generated by individuals as they use their electronic devices. The post states that the combination of location data and user-generated health information "creates a new frontier of potential harms to consumers." It goes on to describe the "shadowy" ad tech and data broker ecosystem, where "staggering" amounts of information are collected and shared in ways consumers might not expect.
This premium content is locked for Entertainment Law & Finance subscribers only
ENJOY UNLIMITED ACCESS TO THE SINGLE SOURCE OF OBJECTIVE LEGAL ANALYSIS, PRACTICAL INSIGHTS, AND NEWS IN ENTERTAINMENT LAW.
- Stay current on the latest information, rulings, regulations, and trends
- Includes practical, must-have information on copyrights, royalties, AI, and more
- Tap into expert guidance from top entertainment lawyers and experts
Already a have an account? Sign In Now Log In Now
For enterprise-wide or corporate acess, please contact Customer Service at [email protected] or 877-256-2473
Overview of Regulatory Guidance Governing the Use of AI Systems In the Workplace
Businesses have long embraced the use of computer technology in the workplace as a means of improving efficiency and productivity of their operations. In recent years, businesses have incorporated artificial intelligence and other automated and algorithmic technologies into their computer systems. This article provides an overview of the federal regulatory guidance and the state and local rules in place so far and suggests ways in which employers may wish to address these developments with policies and practices to reduce legal risk.
Is Google Search Dead? How AI Is Reshaping Search and SEO
This two-part article dives into the massive shifts AI is bringing to Google Search and SEO and why traditional searches are no longer part of the solution for marketers. It’s not theoretical, it’s happening, and firms that adapt will come out ahead.
While Federal Legislation Flounders, State Privacy Laws for Children and Teens Gain Momentum
For decades, the Children’s Online Privacy Protection Act has been the only law to expressly address privacy for minors’ information other than student data. In the absence of more robust federal requirements, states are stepping in to regulate not only the processing of all minors’ data, but also online platforms used by teens and children.
Revolutionizing Workplace Design: A Perspective from Gray Reed
In an era where the workplace is constantly evolving, law firms face unique challenges and opportunities in facilities management, real estate, and design. Across the industry, firms are reevaluating their office spaces to adapt to hybrid work models, prioritize collaboration, and enhance employee experience. Trends such as flexible seating, technology-driven planning, and the creation of multifunctional spaces are shaping the future of law firm offices.
From DeepSeek to Distillation: Protecting IP In An AI World
Protection against unauthorized model distillation is an emerging issue within the longstanding theme of safeguarding intellectual property. This article examines the legal protections available under the current legal framework and explore why patents may serve as a crucial safeguard against unauthorized distillation.