Nancy Perkins, Kim Gold, TiTi Nguyen

If a mobile application collects data from a patient, does that mean the HIPAA rules apply, or instead, does the California Consumer Protection Act apply? What about the California Confidentiality of Medical Information, the GDPR, or the FTCโ€™s breach notification rules under the HITECH Act? This panel will explore the circumstances that may trigger the application of these various regulatory frameworks and how to design a compliant privacy policy for a mobile health application.

Nancy Perkins, Counsel, Arnold & Porter
Kim Gold, Chief Privacy Officer, Genentech
TiTi Nguyen, Deputy Attorney General, Consumer Protection Section โ€“ Privacy Unit, California Department of Justice

Readings:

FTC-statement-on-breach-notification-rule-and-mobile-health-applications-September-2021

FTC-decision-and-order-in-Flo-Health-matter-June-2021

FTC-complaint-against-Flo-Health-June-2021

Bloomberg-Health.FTC-HITECH-data-security-breach-rules-article-Jan.-2010

People-v.-Glow-Superior-Court-Final-Judgment-and-Permanent-Injunction

CA-AG-complaint-against-Glow-2020

California-Confidentiality-of-Medical-Information-Act

CCPA-exemptions-Cal.-Civ.-Code-1798.146-2022

Kim Gold

Chief Privacy Officer
Genentech

Perkins Nancy
Nancy Perkins

Counsel
Arnold & Porter

TiTi Nguyen

Dept. Attorney General, Consumer Protection Section
California Dept. of Justice

Category: Uncategorized