FTC health data breach rule scrutinized

By Ben Leonard and Chelsea Cirruzzo

With Megan R. Wilson and Evan Peng 

The FTC wants to clarify its health data-sharing regulations for health app developers. | Richard Drew/AP Photo

FTC UNDER THE MICROSCOPE — In May, the Federal Trade Commission proposed a sweeping expansion of health data privacy rules, and now, the period for the public to weigh in has ended.

While many comments were supportive, others were concerned that the FTC was overstepping its authority, opening itself up to litigation, and urged more clarity.

What’s new in the rule: The proposal would clarify that health app developers would be subject to regulations requiring them to notify customers if their identifiable data is accessed by hackers or business partners or shared for marketing without patient approval. The rule would include those offering health services and supplies — broadly defined to include fitness, sleep, diet and mental health products and services, among a laundry list of categories.

The proposal aims to clarify how the FTC plans to expand its use of a 14-year-old rule. Earlier this year, it used the rule in relation to sharing data with business partners for the first time against GoodRx, settling for $1.5 million and accusing the site of sharing data with Google, Facebook and other firms.

Angela Matney, counsel at Reed Smith, noted that the rule was initially intended to be temporary until federal privacy legislation was enacted.

“Some companies do see this as a broad, maybe very broad expansion,” Matney told Pulse. “Others might see it as a codification of existing interpretations.”

The supporters: The proposal received significant backing, including from leading Democrats on the Hill, the American Psychiatric Association, the American Academy of Family Physicians and CHIME.

CHIME, which represents health IT leaders, said the proposal would better secure health data from the increasing number of health apps, including wellness products, that don’t fall under HIPAA, which applies to insurers and providers.

“We have been disheartened to see various mental health apps fall short of their privacy promises, giving away their data to third parties using deceptive practices,” Reps. Adam Schiff (D-Calif.), Sara Jacobs (D-Calif.) and four other members commented. “We are glad to see the FTC take an important step in strengthening protections.”

The skeptics: The Health Innovation Alliance, data-sharing firm DirectTrust, genetics firm Invitae and others raised concerns about the rule’s scope.

“Your current proposed rule relies on authority the Commission has granted itself. We fear that well-intended proposals to protect consumer and patient privacy in your rule will be challenged and overturned by litigation,” the Health Innovation Alliance wrote, echoing concerns from legal experts and adding that “simple vendors like corner markets” could fall under the rule.

Others like HIMSS’ Electronic Health Record Association called for more clarity on what health data falls under the rule.

WELCOME TO WEDNESDAY PULSE. Are you a part of a company that didn’t comment on the FTC’s rule but wants to be heard? Reach me at bleonard@politico.com. I can keep you anonymous.

And send feedback, scoops and tips to me and Chelsea at ccirruzzo@politico.com. Follow along @_BenLeonard_ and @ChelseaCirruzzo.

TODAY ON OUR PULSE CHECK PODCAST, host Megan Messerly talks with David Lim about the drop in the reporting of medical device shortages to the FDA after mandatory reporting requirements — tied to the Covid-19 public health emergency — expired in May.

A message from PhRMA:

It's no surprise that hospitals pay one price for medicines and charge patients another. But a new report shows hospitals charge as much as 500% more. And that upcharge leads to higher costs for everyone. Especially patients. Get the details.

Ohio residents headed to the polls Tuesday to cast a vote on whether to make the state constitution harder to amend. | Samantha Hendrickson/AP Photo

A WIN FOR ABORTION RIGHTS ADVOCATES — Ohio voters shot down a measure that would have made it much harder to amend the state’s constitution and would have had direct ramifications for the fate of Ohio’s abortion-rights ballot measure in November.

Issue 1 would have moved the threshold to approve future ballot initiatives from a simple majority to 60 percent, which would have made it more difficult for an amendment on the ballot establishing rights to an abortion to pass in November.

Proponents of the failed Issue 1 say it wasn’t just about abortion but also about shielding the state constitution from special interests. Opponents had argued it was an antidemocratic move aimed at restricting freedoms, including abortion rights.

WHAT YOU NEED TO KNOW ABOUT ‘ERIS’ — A quickly spreading subvariant dubbed “Eris” has recently become the most prevalent Covid strain nationwide, but experts aren’t sounding alarm bells, POLITICO’s Andrew Zhang reports.

Medical experts have said the subvariant of Omicron formally known as EG.5 doesn’t seem to cause more severe illness than previous coronavirus strains.

The World Health Organization has begun tracking EG.5 but hasn’t labeled it as a variant of interest or concern. In comparison, the XBB.1.5 strain, which previously dominated transmission in the U.S., is listed as a variant of interest.

Covid-19 hospitalizations are rising for the first time since the beginning of 2023, but public health experts and the White House appear confident the U.S. is well positioned to manage the virus heading into the fall.

YOUR TICKET INSIDE THE GOLDEN STATE POLITICAL ARENA: California Playbook delivers the latest intel, buzzy scoops and exclusive coverage from Sacramento and Los Angeles to Silicon Valley and across the state. Don't miss out on the daily must-read for political aficionados and professionals with an outsized interest in California politics, policy and power. Subscribe today.

HHS, PA AGREEMENT — Pennsylvania has agreed to reform its child welfare practices to protect the rights of people recovering from substance use disorders, as required under federal disability law, Evan reports.

The state’s agreement with the civil rights arm of the federal Department of Health and Human Services resolves a complaint from an individual being treated for substance use disorder, who was prevented from applying to be a foster parent by a county-operated child welfare agency. HHS said the state hadn’t adequately overseen the county agency.

Pennsylvania will voluntarily:

— Refrain from discrimination against people with disabilities, including people in treatment for opioid use disorder

— Designate a coordinator to oversee compliance with federal disability laws

— Adopt a nondiscrimination policy emphasizing that people with substance use disorders are entitled to federal disability protections in specific circumstances

— Establish a procedure for people to file complaints

A message from PhRMA:

WARNER PRESSES GOOGLE ON AI — Sen. Mark Warner (D-Va.), who chairs the Senate Intelligence Committee, raised concerns Tuesday that Google released its generative AI to hospitals for testing too quickly.

The technology can be used to help clinicians answer medical questions.

“Premature deployment of unproven technology could lead to the erosion of trust in our medical professionals and institutions, the exacerbation of existing racial disparities in health outcomes, and an increased risk of diagnostic and care-delivery errors,” Warner wrote in a letter to Alphabet CEO Sundar Pichai.

Warner pointed to Google’s research showing that the technology provided more inaccurate or irrelevant information than doctors did. Warner called for Google to answer a litany of questions, including whether Google provides an option for patients to opt out.

A Google spokesperson said the firm is making the technology available to a “select group” for “limited testing” of ways it could be used, saying customers have control of their data.

“We believe AI has the potential to transform healthcare and medicine and are committed to exploring with safety, equity, evidence and privacy at the core,” the spokesperson said.

HITTING YOUR INBOX AUGUST 14—CALIFORNIA CLIMATE: Climate change isn’t just about the weather. It's also about how we do business and create new policies, especially in California. So we have something cool for you: A brand-new California Climate newsletter. It's not just climate or science chat, it's your daily cheat sheet to understanding how the legislative landscape around climate change is shaking up industries across the Golden State. Cut through the jargon and get the latest developments in California as lawmakers and industry leaders adapt to the changing climate. Subscribe now to California Climate to keep up with the changes.

FIRST IN PULSE: SITE-NEUTRAL AD BLITZ — Americans for Prosperity is launching a five-figure ad campaign targeting constituents of key Republicans, encouraging them to back site-neutral payments.

Such policies aim to ensure that Medicare patients pay the same for drugs regardless of where they’re administered.

The advertisements are directed at Republicans on health subcommittees for the House Energy and Commerce, Education and the Workforce and Ways and Means Committees plus the GOP Doctors Caucus and New York lawmakers, a spokesperson for the group said.

INDIAN DRUG LOBBYING — The Indian Pharmaceutical Alliance, an international association representing India’s drugmakers, hired a former generic industry group leader to help it increase collaboration with the FDA, Megan reports.

The alliance hired Kathleen Jaeger, a lawyer who spent more than eight years helming the industry group now known as Association for Accessible Medicines, which has many members based in India.

Part of the advocacy efforts is a “goodwill campaign” with the FDA, according to disclosures, amid warnings from the U.S. regulator to India-based drugmakers about a litany of violations in recent years. India has the largest number of FDA-approved drug manufacturing facilities outside the U.S. and is the largest global exporter of generic medicines.

But reliance on internationally derived drugs has been called into question by lawmakers and the Biden administration as shortages of crucial medications mount.

A message from PhRMA:

You already know that billing at hospitals can be complicated. But a new report reveals something that might come as a shock. Did you know hospitals mark up some medicine prices 500%? Those costs get passed throughout the health care system and they lead to higher costs for patients. See the new data.

Kurt Barwis, Norvell Coots, Steven Diaz, Laura Kaiser, Michael Mayo, Tim McManus, Robert Trestman, Matt Wille and Bill Gassen will join the board of the American Hospital Association beginning Jan. 1.

Devin Jopp is joining the National Health Council’s board. He’s the CEO of the Association for Professionals in Infection Control and Epidemiology.

Lisa Rometty has been named CEO of Zerigo Health. She was previously president of CVS Kidney Care.

STAT reports on senators encouraging the IRS to probe nonprofit hospitals on community benefit requirements.

Healthcare Dive reports on hospitals’ increased vulnerability to breaches around mergers and acquisitions.

Follow us on Twitter

Dan Goldberg @dancgoldberg Chelsea Cirruzzo @chelseacirruzzo Katherine Ellen Foley @katherineefoley Lauren Gardner @Gardner_LM Kelly Hooper @kelhoops Robert King @rking_19 Ben Leonard @_BenLeonard_ David Lim @davidalim Megan Messerly @meganmesserly Alice Miranda Ollstein @aliceollstein Carmen Paun @carmenpaun Daniel Payne @_daniel_payne Evan Peng @thepngfile Ruth Reader @RuthReader Erin Schumaker @erinlschumaker Megan R. Wilson @misswilson

Follow us

To change your alert settings, please log in at https://www.politico.com/_login?base=https%3A%2F%2Fwww.politico.com/settings

This email was sent to by: POLITICO, LLC 1000 Wilson Blvd. Arlington, VA, 22209, USA

Please click here and follow the steps to .