
FTC Act takes HIPAA Rules a Step Further

Every organization that collects and shares consumer (personal) health information needs a HIPAA Authorization to be able to share the information with necessary parties. From spouses to health care providers, the HIPAA Authorization lets consumers control who has access to their PHI.

The FTC Act takes this a step further, or deeper. Your HIPAA-compliant authorization must not in any way inadvertently mislead the consumer as to how the PHI is used.

How to Clean Up Your Authorization Interface

  • Be transparent; be clear. If not only the physician, but also a pharma company or other party will see the information, say so up front, in big friendly letters.
  • Limit scrolling. Your authorization may look completely different on a mobile device. Say exactly how their health information may be used or shared at the beginning, not buried six swipes or a lengthy scroll later.
  • Give the whole story without contradictions. Let them know if a post – or message – will be viewed by others.
  • Using paper? Keep important disclosures to the front page. Paper stacks with different statements on each page relating to health information use are confusing – and may be misleading.
  • What does your electronic – or paper – authorization say? Is it effective and compliant?

If you’re interested in the details, you can read the FTC compliance tips here.

Apgar and Associates helps you on your compliance journey, including conducting a security risk analysis and creating risk mitigation and risk management plans. Contact us for more information, or with questions and concerns about your program at 877-376-1981. Apgar and Associates is also the home of the compliance consulting subscription program for qualifying organizations. 

Source: "Sharing Consumer Health Information? Look to HIPAA and the FTC Act" from FTC.gov.
