FTC Asserts Independent Authority Over HIPAA-Covered Entities

By: Arieanna Schweber | 11/3/2016

The Federal Trade Commission (FTC) and the Office for Civil Rights (OCR) have jointly released a guide on the importance of complying with both HIPAA and the FTC Act. The guide reminds healthcare organizations to comply with both regulations as investigations or fines for non-compliance are assessed independently by each agency. The document re-asserts the FTC’s authority over HIPAA-covered entities. It is yet another instance where the FTC is making clear its authority over regulation of data security practices across all industries.

Does your business collect and share consumer health information? When it comes to privacy, you’ve probably thought about the Health Insurance Portability and Accountability Act (HIPAA). But did you know that you also need to comply with the Federal Trade Commission (FTC) Act? This means if you share health information, it’s not enough to simply consider the HIPAA regulations. You also must make sure your disclosure statements are not deceptive under the FTC Act.

The document outlines the highlights of the HIPAA Privacy Rule requirements and the additional requirements under the FTC Act, particularly when it comes to statements to consumers and other “deceptive or misleading” practices or claims.

This statement underscores the growing complexity of data protection and the new liabilities that organizations face when it comes to data breaches. From multiple regulatory bodies to growing class action lawsuits, the ramifications of a breach are growing in both complexity and cost. Given the current regulatory environment, it’s best to expect and prepare for regulatory scrutiny, with as many audit logs and data trails as possible to prove compliance.

Data-Centric Approach to Security

A data-centric approach to security will focus on protecting data, no matter where it lives or moves. The first step is to find out where your data lives, and that’s where we can help. Our new Endpoint Data Discovery (EDD) toolkit in Absolute DDS can help you monitor and protect sensitive data on the move, even if that data is hidden in cloud storage applications. With our technology, you can tighten the strings on your entire security deployment. Learn more at Absolute.com

Financial Services