U.S. Senator Schumer Calls for Increased Regulation of Wearable Electronic Devices to Avoid Data Privacy Issues

Reed Smith’s Global Regulatory Enforcement Law Blog features a post on the recent phenomenon of wearable electronic devices and the legal issues that may arise from these gadgets. "Wearable Device Privacy - A Legislative Priority?," written by Reed Smith attorneys Frederick Lah and Khurram Gore, discusses a recent press release issued by U.S. Senator Chuck Schumer of New York expressing concern that personal health data collected by wearable devices and fitness apps, including medical conditions, sleep patterns, calories burned, GPS locations, blood pressure, weight, and more, will be provided to third parties without the user knowing it. Schumer, citing this as a threat to personal privacy, has urged the Federal Trade Commission to mandate that device and app companies provide users with an explicit “opt-out,” allowing them to block the distribution of this information to any third parties.

As the authors note, with the rising popularity of these types of devices, we expect regulators, legislators, and companies to start paying closer attention to the data security and privacy risks associated with their use.

Do You Know Where Your Pharmaceuticals Are From? Navigating the "Country of Origin" Question for Pharmaceutical Products

Drug and medical device manufacturers are often faced with difficult — and sometimes unexpected — challenges in sorting out the country of origin for their products, which are often sourced, processed and manufactured in multiple countries.

One would think it would be easy to answer the question, “What is a pharmaceutical product’s ‘country of origin’?” Unfortunately, as Jeffrey Orenstein and Lorraine Campos point out in “Origin of the Pieces: How to Determine a Pharmaceutical Product’s ‘Country of Origin,’” the answer to this question is not as simple as many would think – and the correct answer can depend on who is asking. Jeff and Lorraine’s article is published in the Spring 2014 edition of the Public Contract Law Journal.

Supreme Court Decision on Reverse Payments has Significant Implications for Pharmaceutical Manufacturers

Reed Smith’s Global Regulatory Enforcement Law Blog recently featured a detailed analysis of the Supreme Court’s decision in FTC v. Actavis, where the court ruled five-to-three that reverse payments, also called pay-for-delay settlements, can violate antitrust laws and are subject to antitrust review under the rule-of-reason. As reverse payments are commonly used by branded drug manufacturers to settle patent litigation related to generic drug manufacturers’ market entry, this decision will change the approaches courts, drug company litigants, and lawmakers take to the issue of generic entry into a patented brand drug’s market. To learn more about the implications for both branded and generic drug manufacturers, particularly in their approach to resolving patent litigation, read the full alert.

FTC Issues Guidance to Mobile App Developers

Reed Smith's AdLaw By Request blog features a post on the Federal Trade Commission's recently published "Marketing Your Mobile App: Get It Right from the Start," a set of guides addressing compliance with truth in lending and privacy principles for mobile app developers. Reed Smith partner Doug Wood notes that disclosures and privacy protection for mobile apps is a major issue and recommends that the guides should be read carefully by anyone in the mobile app business. Developers and marketers operating in the health care and life sciences industry should take note.

FTC's Proposed Rule Changes Modify HSR Reporting Requirements for Pharmaceutical Exclusive Licensing Deals

Reed Smith's Global Regulatory Enforcement Law Blog recently featured a post regarding the Federal Trade Commission's proposed changes to the premerger notification rules to clarify when the transfer of exclusive marketing, sales and manufacturing rights to a patented pharmaceutical product requires notification to the agencies under the Hart-Scott-Rodino Antitrust Improvements Act of 1976 (15 U.S.C. § 18a). The proposed rule changes are applicable only to the pharmaceutical industry. The comment period closes October 25, 2012.

Red Flags Rule Enforcement Postponed Again

On May 28, 2010, just shy of the June 1st compliance deadline, the Federal Trade Commission announced that it would again be postponing enforcement of the Red Flags Identity Theft Prevention Rule through December 31, 2010. This delay comes at the request of Congress, which has been considering legislation (which has been referred to the Senate Committee on Banking, Housing, and Urban Affairs) that would affect the scope of entities covered by the Rule. The FTC "urges Congress to act quickly to pass legislation that will resolve any questions as to which entities are covered by the Rule and obviate the need for further enforcement delays." If Congress passes legislation limiting the scope of the Red Flags Rule with an effective date earlier than December 31, 2010, the Commission will begin enforcement as of that effective date.

FCC Proposes Tougher Rules on Telemarketing

This post was written by Robert H. Jackson.

The Federal Communications Commission (“FCC”) has proposed changes to its Telephone Consumer Protection Act (“TCPA”) rules that would conform to the Federal Trade Commission’s Telemarketing Sales Rule (“TSR”). The primary change in the regulations would affect the sending of prerecorded messages (a/k/a “robocalls”) by barring them even to existing customers without first obtaining prior written consent. At first blush, this seems routine, but because of differences in the FCC’s and FTC’s statutory jurisdiction, there are complicated implementation issues that could trap unsuspecting companies. Other key issues for the health care industry is whether the FCC should create an exemption for prerecorded messages that are subject to Health Insurance Portability and Accountability Act (“HIPAA”) and, if so, how such exemption should be implemented. For more information about these changes, please read our client alert written by Robert Jackson.

FTC (Revised) Endorsement Guides Go Into Effect

As noted by our colleagues at Legal Bytes, on December 1, 2009, the revised "Guides Concerning the Use of Endorsements and Testimonials in Advertising" released by the Federal Trade Commission ("FTC") came into effect. Washington, D.C. partner John P. Feldman, an authority in advertising regulations and compliance, recently outlined some considerations every advertiser should take into account in his memo, "FTC Endorsement Guides (Revised) - Some Thoughts As They Become Effective." To read John's full analysis, click here.

Legal Bytes has been following new developments regarding the FTC's Guidelines since November 2008. In case you missed any earlier updates, you can refer back to them here: FTC Testimonial and Endorsement Guides Stimulate Industry Comment (March 2009); a presentation given at the University of Limerick on the subject entitled "Trust Me, I'm a Satisfied Customer: Testimonials & Endorsements in the United States," which you can download (If You Didn't Make It to Ireland ...); Ghostwriters: Medical Research or Paid Endorsers (and are they mutually exclusive?) and Rights of Publicity - Wake Up and Smell the Coffee! (both in August 2009); and FTC Releases Updated Endorsement & Testimonial Guidelines and Reed Smith Analysis of the New FTC Endorsement and Testimonial Guidelines (both in October 2009).

Another Postponement of FTC's Red Flags Rule

On October 30, 2009 the Federal Trade Commission (FTC) issued a News Release announcing that it is granting industries under the FTC's jurisdiction an additional 7 months (i.e., until June 1, 2010) to develop and implement their identity theft prevention programs as required under the FTC's Identify Theft Red Flags Rule. According to the FTC News Release, this additional extension has been provided at the request of members of Congress. In making this announcement, the FTC attempts to refocus the attention of creditors and financial institutions to the FTC's dedicated Red Flags Rule website, which contains various compliance guidance documents designed to assist affected industries with the development of Identity Theft Protection Programs. 

Also on October 30, 2009, the U.S. District Court for the District of Columbia ruled that the FTC may not apply the Red Flags Rule to attorneys. The FTC's New Release acknowledges this ruling, and further cautions that the FTC's additional postponement of Red Flags Rule enforcement remains distinct from whatever timeline may be associated with the aforementioned court proceeding and any possible appeals.

The announcement of the additional extension is available at www.ftc.gov, and our prior posts on the Red Flags Rule are available here.

FTC Issues Final Rule on Notifying Consumers About Breaches of Electronic Health Records

This post was written by Mark S. MelodiaMichael K. BrownJ. Ferd Convery, IIISteven J. Boranian, Brad M. Rostolsky, Shana R. Fried and Paul Bond.

Until now, the loss or theft of protected health information rarely resulted in notice to consumers. Very few state data security breach notification laws encompass medical information. The Health Insurance Portability and Accountability Act ("HIPAA") merely required an "accounting" of such events to a patient upon the patient's request.

All that has changed. Congress, in enacting the Health Information Technology for Economic and Clinical Health Act ("HITECH"), imposed breach notification obligations on many of the individuals and business entities that receive, create, or maintain patients' individually identifiable health information. Pursuant to HITECH, on Aug. 17, the Federal Trade Commission ("FTC") issued its Health Breach Notification Rule, governing the breach notification obligations of three new categories of entity: "vendors of personal health records," "PHR related entities" and "third party service providers."

To read the full alert, click here.

FTC Further Postpones Identity Theft Red Flags Rule

On July 29, 2009 the Federal Trade Commission (FTC) issued a News Release announcing that it is granting industries under the FTC's jurisdiction an additional 3 months to develop and implement their identity theft prevention programs as required under the FTC's Identify Theft Red Flags Rule. Additionally, the FTC staff will "redouble" its education efforts and ease compliance by providing additional resources and guidance to clarify whether businesses are covered by the Rule and what they must do to comply.   By extending the enforcement date of the Rule until November 1, 2009, the FTC intends to give creditors and financial institutions more time to review the forthcoming guidance and to develop and implement written Identity Theft Prevention Programs. The announcement of the extension is also available at www.ftc.gov, and our prior posts on the Red Flags Rule are available here.

Identity Theft Red Flag Rule Further Postponed

This post was written by Carol Loepere.

On April 30, 2009 the Federal Trade Commission (FTC) issued a News Release announcing that it is granting industries under the FTC's jurisdiction an additional 3 months to develop and implement their identity theft prevention programs as required under the FTC's so-called Identify Theft Red Flag Rule. The FTC also stated that that some entities, particularly those that are small, non-traditional creditors, would benefit from the availability of a template Red Flags program in developing their programs. The Commission staff intends to publish such a template for low-risk entities shortly. The FTC said that the extension, coupled with the release of the template, should be sufficient to enable low-risk entities to prepare their programs without undue burden. The announcement of the extension is also available at www.ftc.gov.

Testimonials and Endorsements: Complying with the FTC Guides in Light of Proposed Changes

This post was written by John P. Feldman and Anthony E. DiResta.

One of the most frequent strategies employed by advertisers is to let the consumer hear about the advertised product or service from a third party, someone other than the advertiser itself. At its root, an endorsement or testimonial when used in advertising is the advertiser’s way of saying, “Don’t just take my word for how wonderful my product or service is, listen to this unbiased person whose opinion you should rely upon to make a purchasing decision.” The Federal Trade Commission (FTC or Commission) originally published Guides Concerning the Use of Endorsement and Testimonials in Advertising (The Guides) in 1972. The Guides have not been updated since 1980. In January, 2007, the FTC sought comments on proposed modifications and updates to the Guides. In particular, the Commission sought comments on whether so-called “disclaimers of typicality,” statements like “Results not typical” or “Your results may vary,” should continue to be a valid way to communicate that a testimonial does not represent experiences consumers will generally achieve with the advertised product or service.

Click here to view the alert.

FTC Grants Six-Month Delay on Enforcement of the "Red Flag Rules"

This post was written by Carol C. Loepere.

Today, the Federal Trade Commission (FTC) issued a press release to announce that it will suspend enforcement of the new “Red Flag Rules” until May 1, 2009, to give "creditors" and financial institutions additional time in which to develop and implement written identity-theft prevention programs. Reed Smith has worked on behalf of the American Health Care Association (AHCA) to question the applicability of the rules to health care providers, and to request a delay in the effective date of the rule. For more on the possible application of the FTC's Red Flag Rules to health care providers, see our prior post

FTC's Identity Theft Red Flag Regulations: Implications for Health Care Providers

This post was written by Debra L. Hutchings, Paul J. Bond, and Carol C. Loepere.

In November 2007, the Federal Trade Commission (“FTC”) issued sweeping regulations aimed at deterring, detecting and preventing identity theft. Under these rules, known as the Red Flag Regulations, 16 C.F.R. § 681.1 et seq. and Final Rule (“Red Flag Regulations”), financial institutions and creditors of covered accounts must establish a program to detect, prevent and mitigate identity theft. While somewhat unclear and perhaps counterintuitive, the breadth of the Red Flag Regulations and the FTC’s current interpretation indicates that these rules apply to many participants in the health care industry. The rules become effective November 1, 2008.

The Red Flag Regulations have three parts, two of which pertain to the health care industry. The first part applies to anyone who uses “consumer reports” for employment, insurance or credit purposes. The second part places obligations on “creditors and financial institutions” to detect, prevent and mitigate identity theft in relation to accounts covered under the Red Flag Regulations. This Client Alert addresses each part in turn.