Just a few years ago, the legal landscape governing health-related personal information was relatively simple: Protected Health Information was regulated under Health Insurance Portability and Accountability Act, a discrete set of rules that applies to a specified set of healthcare plans, clearinghouses, and providers. While narrowly targeted statutes governed particular types of health data and the Federal Trade Commission maintained broad oversight over personal information, any data that could reveal or suggest a health condition or treatment was largely free of regulatory scrutiny and litigation risk.

Today, by contrast, the privacy of health-related personal information is under close scrutiny by the FTC, the U.S. Department of Health and Human Services’ Office for Civil Rights, and state regulators.

Read the full Update here.