A recent enforcement action by the Federal Trade Commission (“FTC”) against 1Health.io—which sells “DNA Health Test Kits” to consumers for health and ancestry insights—serves as a reminder that the FTC is increasingly exercising its consumer protection authority in the context of privacy and data protection. This is especially true where the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) does not reach. The FTC’s settlement with 1Health.io highlights a wide-range of privacy and security issues companies should consider relating to best practices for updating privacy policies, data retention policies, configuration of cloud storage and vendor management, especially when handling sensitive genetic data.
The market for direct-to-consumer (“DTC”) genetic testing has increased dramatically over recent years as more people are using at-home DNA tests. The global market for this industry is projected to hit $2.5 billion by 2024. Many consumers subscribe to DTC genetic testing because they can provide insights into genetic backgrounds and ancestry. However, as more consumers’ genetic data becomes available and is shared, legal experts are growing concerned that safeguards implemented by U.S. companies are not enough to protect consumers from privacy risks.
Some states vary ...
Blog Editors
Recent Updates
- Medicaid Behavioral Health Investigations and Payment Suspensions in D.C. Are Increasing – How Providers Can Limit Risk
- ‘Emilie’ Is Not a Psychiatrist: Pennsylvania Board of Medicine Alleges Unlawful Practice of Medicine by an AI Chatbot
- DOJ’s West Coast Strike Force to Target Health Care Fraud in Arizona, Nevada, and Northern California
- DOJ FOCUS Initiative Prioritizes “High Quality” Data Miner Actions by FCA Whistleblowers
- FDA Proposal Would Leave Semaglutide, Tirzepatide, and Liraglutide Off 503B Bulks List