Health Apps and the FTC’s Health Breach Notification Rule

Tricia Kaufman | Stinson LLP

Tricia focuses her practice on helping medical device and other life sciences companies get their products to market and maintain regulatory compliance throughout the product lifecycle. Tricia’s years of experience working in the medical device industry, coupled with her legal training and experience, provides her with a unique insight into the operational and day-to-day challenges involved in getting products to market and maintaining compliance with the various laws that govern the sales and distribution of life sciences products, allowing her to provide creative and practical solutions to complex problems.

As a health care and life sciences lawyer, Tricia advises medical device, cosmetics and pharmaceutical companies, and other suppliers and vendors in the health care industry, on a full range of regulatory and compliance issues including Food and Drug Administration (FDA) regulatory pathways, digital health, labeling, advertising and promotion, sales strategies, distribution, Sunshine Act reporting, FDA enforcement actions, recalls, federal and state anti-kickback laws and state licensing. A significant amount of Tricia’s practice also includes advising clients in the health care industry regarding data use, HIPAA privacy and security requirements and related matters. Committed to service and diversity, Tricia serves on the Advisory Committee for the VocalEssence WITNESS program, which celebrates the contributions of African Americans to our shared American heritage through concerts, recordings, and school programs.

Sheva Sanders | Stinson LLP

Sheva can help you find innovative solutions to complex regulatory problems. With more than 30 years of experience advising health care and life sciences companies, Sheva brings tremendous experience and knowledge to advising on complex regulatory issues faced by her clients and provides deep subject matter knowledge and experience for complex transactions, investigations, and litigation. Known as a thought leader in the health care and life sciences industries, Sheva is deeply committed to providing timely, comprehensive advice to her clients.

She counsels health care, managed care, medical device, pharmaceutical, life sciences and PBM clients on regulatory matters, including fraud and abuse, compliance, and reimbursement, and helps her clients bring innovative offerings to market. Sheva represents clients in resolving matters with CMS, FDA, and various state agencies, conducts internal investigations and helps establish and implement compliance programs. A frequent teacher, speaker and writer on topics related to health law and health policy, Sheva has been a member of the Minneapolis Children’s Hospital Bioethics Committee, and the University of Minnesota Advisory Board for the Joint Degree in Law, Science & Technology, and has been an adjunct professor at both William Mitchell College of Law and Hamline University School of Law. She teaches health care regulation at both the University of Minnesota and Northwestern University School of Law. Sheva was named a 2003 AdvaMed Achiever for her role in drafting the AdvaMed Code of Ethics. Sheva is chair of the firm’s Life Sciences and Health Law Industry group.

Steven J. Cosentino, CIPP | Stinson LLP

Steve lives and breathes technology, utilizing his experience intellectual property and corporate finance to help companies navigate the cyber landscape. Strategically positioned at the intersection of technology, finance and law, Steve negotiates technology transactions in the software, mobile, health care and FinTech industries. His primary focus is on technology related transactions and compliance, with an emphasis on software licensing and services, banking technology, data center services, outsourcing, data privacy, e-commerce, advertising, cloud computing and cybersecurity. He navigates complex mergers and acquisitions, guides corporate transactions, and facilitates complex technology and intellectual property collaborations.

Steve counsels clients on crisis management, data breach response and compliance with U.S. and international privacy and data security laws including the Children’s Online Privacy Protection Act (COPPA), the Telephone Consumer Protection Act (TCPA), CAN SPAM, the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Protection Act (CCPA), The Health Insurance Portability and Accountability Act (HIPAA ), Biometric Information Privacy Act (BIPA), and the EU-U.S. Privacy Shield and the FTC Act. Steve is a Certified Information Privacy Professional (CIPP) through the International Association of Privacy Professionals. He developed a comprehensive program to audit the data practices of companies transacting business on the Internet and provides complete services for e-commerce and software licensing transactions. He also offers a comprehensive social networking compliance program for businesses. Steve chairs the firm’s Intellectual Property and Technology Division and co-chairs the firm’s Data Security, Privacy and Information Governance team.

I. Welcome | 12:00pm – 12:05pm
II. Program | 12:05pm – 12:55pm

1. Laws governing the privacy and security of personal health information held by businesses
2. Introduction to the FTC’s Health Breach Notification Rule
3. FTC’s recent policy statement regarding enforcement of the rule and the rule’s applicability to a broad range health apps and connected devices sold to consumers
4. Next steps vendors of health apps can take

III. Q&A | 12:55pm – 1:00pm