- Chief Compliance Officer and VP of Legal Affairs, Arrow Electronics
By 
Kyle Brasseur2023-07-21T16:15:00
The Federal Trade Commission (FTC) and Department of Health and Human Services sent letters to approximately 130 hospital systems and telehealth providers regarding potential patient privacy violations and security risks stemming from online tracking technologies.
The use of technology such as the Meta pixel code snippet or Google Analytics could “gather identifiable information about users, usually without their knowledge and in ways that are hard for users to avoid, as users interact with a website or mobile app,” said the agencies in a joint press release Thursday.
Unauthorized disclosure of an individual’s personal health information to third parties could violate the Health Insurance Portability and Accountability Act, while companies not covered by HIPAA still have a responsibility to protect against such disclosure under laws including the FTC Act and Health Breach Notification Rule, the agencies warned.
THIS IS MEMBERS-ONLY CONTENT. To continue reading, choose one of the options below.
News and analysis for the well-informed compliance or audit exec.
Annual Membership best value
Subscribe now for $365
Our lowest price ($1 per day) for one year.
Register for free
Receive the CW newsletter and access CPE webcasts.
The Department of Justice and Federal Trade Commission proposed telehealth company Cerebral pay a total of $7 million for its alleged sharing of patient data and deceptive business practices in violation of the FTC Act.
Mobile health applications and similar technologies must notify customers following a data breach or risk violating the Federal Trade Commission’s health breach notification rule.
Doctors’ Management Service agreed to pay $100,000 in settling the first ransomware agreement under the Health Insurance Portability and Accountability Act reached by the Department of Health and Human Services’ Office for Civil Rights.
RTX Corp., the parent company of Raytheon, disclosed in a public filing it has reserved $1.24 billion to resolve legacy legal matters with the Department of Justice, Securities and Exchange Commission, and Department of State.
The U.K. Financial Conduct Authority issued a fine of $4.5 million (3.5 million pounds) against a U.K.-based subsidiary of crypto platform Coinbase for providing services to high-risk customers in violation of FCA rules.
Admera Health agreed to pay more than $5.5 million to resolve allegations first brought by two whistleblowers that it paid kickbacks to third-party contractors, the Department of Justice said.
