The FTC recently reinforced its commitment to protecting consumer health data in its settlement with electronic health record company Practice Fusion. The company, which stores consumer health data in a cloud for healthcare providers, was charged with misleading consumers when it sought patients’ reviews of their doctors without disclosing that the information would be shared online.
This settlement highlights the FTC’s continued efforts to protect the privacy of consumer health data. In April, the FTC released compliance tools and best practices specifically for health app developers to ensure they were complying with the FTC’s expectations for health data providers. This came just after the Director of the FTC Bureau of Consumer Protection testified to a Congressional subcommittee about the need for the Commission to have increased data security authority to address the area of health privacy. Collectively, these efforts make clear that as consumers increasingly turn to the internet for health information, the FTC will expect companies large and small to be aware of their obligations to consumers and to comply with them.