Nancy Perkins, Kim Gold, TiTi Nguyen
If a mobile application collects data from a patient, does that mean the HIPAA rules apply, or does the California Consumer Protection Act apply instead? What about the California Confidentiality of Medical Information, the GDPR, or the FTC’s breach notification rules under the HITECH Act? This panel will explore the circumstances that may trigger each of these regulatory frameworks and how to design a compliant privacy policy for a mobile health application.
Nancy Perkins, Counsel, Arnold & Porter
Kim Gold, Chief Privacy Officer, Genentech
TiTi Nguyen, Deputy Attorney General, Consumer Protection Section – Privacy Unit, California Department of Justice
Readings:
FTC-statement-on-breach-notification-rule-and-mobile-health-applications-September-2021
FTC-decision-and-order-in-Flo-Health-matter-June-2021
FTC-complaint-against-Flo-Health-June-2021
Bloomberg-Health.FTC-HITECH-data-security-breach-rules-article-Jan.-2010
People-v.-Glow-Superior-Court-Final-Judgment-and-Permanent-Injunction
CA-AG-complaint-against-Glow-2020