FTC testifies on efforts to protect privacy and security of consumer health information

FTC testifies on efforts to protect privacy and security of consumer health information

The Federal Trade Commission outlined its work to protect consumers, in testimony before Congress, in the growing area of health information technology.

Director of the FTC’s Bureau of Consumer Protection, testified on behalf of the Commission, highlighted the FTC’s efforts to protect the privacy and data security of consumer health information, particularly in areas where their medical information is being collected, used, and shared outside of doctors’ offices or other traditional medical contexts.

The testimony before the Subcommittees on Information Technology and Health, Benefits and Administrative Rules of the House Committee on Oversight and Government Reform provided background on FTC law enforcement efforts, policy work and consumer and business education programs related to this particular area.

Specifically, the testimony highlighted a number of cases brought by the Commission using its authority under the FTC Act, including against a medical billing company that deceived consumers about how information collected from them is used, as well as cases relating to the unlawful data security practices of companies that manage consumers’ sensitive health information.

The testimony noted various policy initiatives designed to promote privacy and data security in the health information technology area, including an FTC seminar on consumer generated health information, a staff report on the Internet of Things, and collaboration with other federal agencies on policy initiatives related to health information technology issues.

In addition, the testimony highlighted the Commission’s ongoing efforts to provide education to consumers and businesses about issues in the health information technology area, including customized advice for victims of medical identity theft, and work to provide businesses with useful guidance on how to reduce security risks by starting with smart data security practices.

The Commission vote approving the testimony and its inclusion in the formal record was 4-0.