Developers of mobile health apps need to be mindful of regulation from several different quarters. Among others, they need to be aware of the FDA, the HHS Office for Civil Rights (OCR), which enforces HIPAA, and the FTC, which is increasingly regulating areas that would seem to be the purview of one of the other two agencies.
At a HIMSS session on mobile and digital health regulation, Sharon Klein, a partner at Pepper Hamilton, talked about how the FTC is increasingly becoming involved in data privacy cases. According to Klein, a rise in consumer wellness devices and apps has created a category of health data that doesn't originate in the healthcare system and therefore isn't covered by HIPAA, but could still be sensitive.
"Those of us who have been practicing for decades, we all thought that if we truly understood HIPAA/HITECH and we respected all the rules and the privacy and security, we were compliant with regulations, right?" she said. "Not today. The big word inside the beltway is 'non-HIPAA regulated medical data'. This is information that's on our phones and the individual is providing it, not a covered entity. Information is flowing back and forth into the cloud and it is not necessarily regulated by HIPAA/HITECH, but it might well be regulated by the Federal Trade Commission."
Even when the consumer signs away their information, the FTC still reserves the right to verify that the consumer was told, in a responsible way, what they were agreeing to. Klein pointed to a case in February in which the FTC cracked down on PaymentsMD, a medical billing company whose app collected additional medical information after disclosing that collection only in fine print.
"PaymentsMD had a consent form in four parts, which originally the consumer thought was for the purpose of tracking medical bills," Klein said. "It's a free app. But it failed to disclose comprehensive collection of consumer medical information for a patient health report. One of those authorizations was to enable the mobile app vendor to collect real medical information and populate this patient health information, which was then commercialized. ... The FTC objected to having a combined authorization, to having the consent in small print, to having the terms of use coming out six lines at a time. So they're very much into the weeds in terms of transparency and choice and just-in-time disclosures."
Around the same time, in a move only tangentially related to healthcare, the FTC also went after webcam maker TRENDnet for lax security that left the live feeds of its cameras (marketed for home security and baby monitoring) viewable by anyone on the internet.
The FTC has issued its privacy guidance as a series of reports; the most recent, released in January, deals specifically with the Internet of Things.
Although Klein did not mention it in her talk, MobiHealthNews has also observed a willingness on the part of the FTC to venture into the FDA's territory of regulating potentially dangerous medical apps. In February, the commission brought actions against the marketers of two mole-detection apps that it said could not substantiate their medical claims, and in January it went after a children's brain-training game on similar grounds.