On October 22, 2016, the FTC issued new guidance to all those subject to the HIPAA Privacy Rule, including “downstream” business associates. “Once you’ve drafted a HIPAA authorization, you can’t forget the FTC Act,” which prohibits deceptive or unfair acts or practices affecting commerce. According to the FTC, this includes the duty to avoid misleading others about what is happening with their health information. “Your business must consider all of your statements to consumers to make sure that, taken together, they don’t create a deceptive or misleading impression.” The FTC includes a “.com Disclosures report” for guidance on creating effective privacy practices disclosures. The FTC warns against inconsistent language in privacy practices disclosures and contradictions regarding when information may be displayed publicly.
Please click this link for more information: https://www.ftc.gov/system/files/documents/plain-language/pdf-0219_sharing-health-info-hipaa-ftcact.pdf