By Samantha Dalmass and Melissa Sobel Snyder
The Federal Trade Commission (“FTC”) is seeking enforcement under the Health Breach Notification Rule for the first time since the rule was adopted in 2009. The Health Breach Notification Rule (16 C.F.R. Part 318) requires vendors of personal health records, PHR-related entities, and third party service providers that are not otherwise subject to the Health Insurance Portability and Accountability Act (“HIPAA”) to notify their customers and individuals whose personal health records are disclosed in the event of a breach or unauthorized disclosure. In its complaint filed against GoodRx on January 1, 2023, the FTC targets the digital health platform, alleging that it repeatedly violated the promises it has made to its customers regarding its protection of their personal health information, including that such information would be shared only with limited third parties and for limited purposes; that GoodRx would restrict such third parties’ use of customer information; and that it would never share personal health information with advertisers or other third parties. Continue reading “FTC Wields Health Breach Notification Rule for First Time in Quest to Protect Consumer Health Information”