Health Apps and the FTC’s Health Breach Notification Rule

Tricia KaufmanAC
Sheva Sanders
Steven J. Cosentino, CIPP
Tricia KaufmanAC | Stinson LLP
Sheva Sanders | Stinson LLP
Steven J. Cosentino, CIPP | Stinson LLP

On-Demand: January 11, 2022

$95.00 1 hour CLE

MCLE Credit Information:

Select Your State Below to View CLE Credit Information

Can't Decide Which CLE Progam?

Access All
Federal Bar Association Programs
Co-Sponsored by myLawCLE
Only $395yr

Annual Subscription includes access to:
  • 500+ Live CLE Webinars
  • National Hot Legal Topics
  • New Laws and Regulations
  • State Specific Programs
  • All Formats: Live, Replay, & On-Demand
Subscribe Today
Training 5 or more people?

Sign-up for a law firm subscription plan and each attorney in the firm receives free access to all CLE Programs

Program Summary

Vendors of health apps and connected devices sold directly to consumers, including apps that track medications, fitness, fertility, sleep, mental health, diet, and other vital areas, may have concluded that they are not covered by HIPAA's rules regarding the privacy and security of personally identifiable health information. However, many are not aware that the Federal Trade Commission also has its own breach notification rule that covers vendors of personal health records and carries steep fines for violations. This presentation will provide viewers with an overview of the FTC's Health Breach Notification Rule, who it covers and what is required in the event of a data breach. In addition, the speakers will explore the recent statement by the FTC that its rule covers certain vendors of health apps and connected devices, and what steps health app vendors can take to minimize risk.

This course is co-sponsored with myLawCLE.

Key topics to be discussed:

  • A high-level overview of the various laws governing the privacy and security of personal health information held by businesses in the United States
  • An introduction to the FTC's Health Breach Notification Rule, including who it covers, what it requires and what penalties can be imposed
  • The FTC's recent policy statement regarding enforcement of the rule and the rule's applicability to a broad range health apps and connected devices sold to consumers
  • What next steps vendors of health apps can take to minimize risk

Date / Time: January 11, 2022

  • 12:00 pm – 1:00 pm Eastern
  • 11:00 am – 12:00 pm Central
  • 10:00 am – 11:00 am Mountain
  • 9:00 am – 10:00 am Pacific

Choose a format:

Live Video Broadcast/Re-Broadcast: Watch Program "live" in real-time, must sign-in and watch program on date and time set above. May ask questions during presentation via chat box. Qualifies for "live" CLE credit.

On-Demand Video: Access CLE 24/7 via on-demand library and watch program anytime. Qualifies for self-study CLE credit. On-demand versions are made available 5 business days after the original recording date and are viewable for up to one year.

Closed-captioning available


Tricia-Kaufman_Stinson-LLP_FedBarTricia Kaufman | Stinson LLP

Tricia focuses her practice on helping medical device and other life sciences companies get their products to market and maintain regulatory compliance throughout the product lifecycle. Tricia’s years of experience working in the medical device industry, coupled with her legal training and experience, provides her with a unique insight into the operational and day-to-day challenges involved in getting products to market and maintaining compliance with the various laws that govern the sales and distribution of life sciences products, allowing her to provide creative and practical solutions to complex problems.

As a health care and life sciences lawyer, Tricia advises medical device, cosmetics and pharmaceutical companies, and other suppliers and vendors in the health care industry, on a full range of regulatory and compliance issues including Food and Drug Administration (FDA) regulatory pathways, digital health, labeling, advertising and promotion, sales strategies, distribution, Sunshine Act reporting, FDA enforcement actions, recalls, federal and state anti-kickback laws and state licensing. A significant amount of Tricia’s practice also includes advising clients in the health care industry regarding data use, HIPAA privacy and security requirements and related matters. Committed to service and diversity, Tricia serves on the Advisory Committee for the VocalEssence WITNESS program, which celebrates the contributions of African Americans to our shared American heritage through concerts, recordings, and school programs.


Sheva-Sanders_Stinson-LLP_FedBarSheva Sanders | Stinson LLP

Sheva can help you find innovative solutions to complex regulatory problems. With more than 30 years of experience advising health care and life sciences companies, Sheva brings tremendous experience and knowledge to advising on complex regulatory issues faced by her clients and provides deep subject matter knowledge and experience for complex transactions, investigations, and litigation. Known as a thought leader in the health care and life sciences industries, Sheva is deeply committed to providing timely, comprehensive advice to her clients.

She counsels health care, managed care, medical device, pharmaceutical, life sciences and PBM clients on regulatory matters, including fraud and abuse, compliance, and reimbursement, and helps her clients bring innovative offerings to market. Sheva represents clients in resolving matters with CMS, FDA, and various state agencies, conducts internal investigations and helps establish and implement compliance programs. A frequent teacher, speaker and writer on topics related to health law and health policy, Sheva has been a member of the Minneapolis Children’s Hospital Bioethics Committee, and the University of Minnesota Advisory Board for the Joint Degree in Law, Science & Technology, and has been an adjunct professor at both William Mitchell College of Law and Hamline University School of Law. She teaches health care regulation at both the University of Minnesota and Northwestern University School of Law. Sheva was named a 2003 AdvaMed Achiever for her role in drafting the AdvaMed Code of Ethics. Sheva is chair of the firm’s Life Sciences and Health Law Industry group.


Steven-J.-Cosentino-CIPP_Stinson-LLP_FedBarSteven J. Cosentino, CIPP | Stinson LLP

Steve lives and breathes technology, utilizing his experience intellectual property and corporate finance to help companies navigate the cyber landscape. Strategically positioned at the intersection of technology, finance and law, Steve negotiates technology transactions in the software, mobile, health care and FinTech industries. His primary focus is on technology related transactions and compliance, with an emphasis on software licensing and services, banking technology, data center services, outsourcing, data privacy, e-commerce, advertising, cloud computing and cybersecurity. He navigates complex mergers and acquisitions, guides corporate transactions, and facilitates complex technology and intellectual property collaborations.

Steve counsels clients on crisis management, data breach response and compliance with U.S. and international privacy and data security laws including the Children’s Online Privacy Protection Act (COPPA), the Telephone Consumer Protection Act (TCPA), CAN SPAM, the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Protection Act (CCPA), The Health Insurance Portability and Accountability Act (HIPAA ), Biometric Information Privacy Act (BIPA), and the EU-U.S. Privacy Shield and the FTC Act. Steve is a Certified Information Privacy Professional (CIPP) through the International Association of Privacy Professionals. He developed a comprehensive program to audit the data practices of companies transacting business on the Internet and provides complete services for e-commerce and software licensing transactions. He also offers a comprehensive social networking compliance program for businesses. Steve chairs the firm’s Intellectual Property and Technology Division and co-chairs the firm’s Data Security, Privacy and Information Governance team.


I. Welcome | 12:00pm – 12:05pm
II. Program | 12:05pm – 12:55pm

1. Laws governing the privacy and security of personal health information held by businesses
2. Introduction to the FTC’s Health Breach Notification Rule
3. FTC’s recent policy statement regarding enforcement of the rule and the rule’s applicability to a broad range health apps and connected devices sold to consumers
4. Next steps vendors of health apps can take

III. Q&A | 12:55pm – 1:00pm