Hennessy Quoted in Law360 About COVID Health Apps and Privacy Laws
September 18, 2020
Law360
Senior Counsel Jennifer Hennessy was quoted in the Law360 article, “Amid Pandemic, Health Apps Face Privacy Law Patchwork,” which discussed how in a surging market thanks to the coronavirus pandemic, developers of mobile health apps are facing challenges on how to comply with a patchwork of state data security laws.
Much of the traditional health care space is covered by the rigorous data security requirements outlined by federal regulators in the Health Insurance Portability and Accountability Act, or HIPAA. But other companies, like private businesses building apps to screen employees for symptoms of COVID-19, may not be subject to HIPAA’s requirements despite handling sensitive health data.
Separately, the current FTC in May solicited input about whether it should change a decade-old, little-used rule requiring companies that are not covered by HIPAA but still handle health information to publicly report data breaches. The commission asked for advice on whether it should change its Health Breach Notification Rule in light of “legal, economic, and technological changes,” including “developments in health care products or services related to COVID-19.”
The FTC noted at the time that more companies may soon be covered by its rule as patients increasingly turn to technologies such as virtual assistants and mobile health apps that might not be subject to HIPAA. Those companies are instead struggling to navigate a slew of differing state laws addressing how health data should be protected and how to handle a potential data breach. “We think health care and HIPAA go together in this country, and that’s true most of the time, but not always,” Hennessy said.
Much of the traditional health care space is covered by the rigorous data security requirements outlined by federal regulators in the Health Insurance Portability and Accountability Act, or HIPAA. But other companies, like private businesses building apps to screen employees for symptoms of COVID-19, may not be subject to HIPAA’s requirements despite handling sensitive health data.
Separately, the current FTC in May solicited input about whether it should change a decade-old, little-used rule requiring companies that are not covered by HIPAA but still handle health information to publicly report data breaches. The commission asked for advice on whether it should change its Health Breach Notification Rule in light of “legal, economic, and technological changes,” including “developments in health care products or services related to COVID-19.”
The FTC noted at the time that more companies may soon be covered by its rule as patients increasingly turn to technologies such as virtual assistants and mobile health apps that might not be subject to HIPAA. Those companies are instead struggling to navigate a slew of differing state laws addressing how health data should be protected and how to handle a potential data breach. “We think health care and HIPAA go together in this country, and that’s true most of the time, but not always,” Hennessy said.
People
Related News
December 18, 2025
In the News
Kyle Faget Weighs in on HHS Proposed Rule Limiting Gender-Affirming Care
Foley & Lardner LLP partner Kyle Faget commented on a recent proposal from the U.S. Department of Health and Human Services in the Law360 article, “HHS Proposes Hospital Ban On Gender Care For Minors.”
December 12, 2025
In the News
Foley Chairman and CEO Daljit Doogal Talks Firm Strategy and Growth, Featured in Media for Reelection
Foley & Lardner LLP Chairman and CEO Daljit Doogal is featured in The American Lawyer article, “Foley Board Taps Daljit Doogal for Second Term as Chair and CEO,” for his reelection to a second four-year term.
December 11, 2025
In the News
Carrie Hoffman Comments on SCOTUS Arbitration Jurisdiction Case
Foley & Lardner LLP partner Carrie Hoffman commented on the U.S. Supreme Court's decision to hear an arbitration jurisdiction case in the Law360 article, "High Court Arb. Jurisdiction Case May Impact W&H Cases."