Health Insurance Portability and Accountability Act (HIPAA)
Enforced by the Office for Civil Rights (OCR) within the U.S. Department of Health & Human Services (HHS), HIPAA protects the privacy and security of certain health information and requires covered entities to give notice of breaches of that information. HIPAA covered entities include health care providers who conduct certain electronic transactions, health plans, and health care clearinghouses.
Federal Food, Drug, and Cosmetic Act (FD&C Act)
Enforced by the FDA, the FD&C Act regulates the safety and effectiveness of medical devices, including some mobile medical apps. Mobile medical apps are defined as follows: 1. an accessory to a regulated medical device; 2. an app that transforms a mobile platform into a regulated medical device, e.g. an app that uses the mobile platform to measure blood glucose levels; 3. an app that analyzes or interprets data from another medical device, e.g. an app that takes the user's information and develops a dosage plan for radiation therapy.
Federal Trade Commission Act (FTC Act)
Enforced by the FTC, the FTC Act prohibits deceptive or unfair acts or practices in or affecting commerce, including those relating to privacy and data security, and those involving untrue or misleading claims about an app's safety or performance.
FTC's Health Breach Notification Rule
The FTC's Health Breach Notification Rule requires certain businesses not covered by HIPAA to provide notifications following breaches of personal health record information.