On September 15, 2023, the Federal Trade Commission and the Department of Health and Human Services (“HHS”) published an updated version of the two agencies’ joint publication, entitled “Collecting, Using, or Sharing Consumer Health Information? Look to HIPAA, the FTC Act, and the Health Breach Notification Rule.”
The publication aims to help businesses learn more about their legal obligations under some of the health privacy and security-related laws and rules enforced by the FTC and the HHS, with specific focus on the Health Insurance Portability and Accountability Act (“HIPAA”), the HIPAA Privacy, Security, and Breach Notification Rules, the FTC Act, and the FTC’s Health Breach Notification Rule.
The publication offers general guidance on issues including what entities the specific laws and regulations cover, the measures covered entities can adopt to maintain the privacy and security of consumers’ health information, and the steps entities must take in the event of a data breach. The publication is available on the FTC’s website.