Protecting Privacy: Insurance Implications of the FTC's New Standards

David Derigiotis
4 min
June 4, 2024

Cyber Liability

As ransomware events and data breaches continue to plague organizations of all sizes, regulatory bodies are stepping up to safeguard consumer interests. The Federal Trade Commission (FTC) has recently introduced new privacy standards to protect users of health apps and devices, signaling a significant shift in the regulatory landscape. As the insurance industry relies heavily on customer data and operates within a complex web of regulations, understanding the implications of these standards is paramount, especially for those who operate in or around the healthcare space. 

As custodians of sensitive information and risk advisors for their clients, brokers face heightened scrutiny in light of evolving privacy concerns and regulatory requirements. Compliance with these standards requires a comprehensive understanding of data handling practices—from collection to storage and sharing. Additionally, brokers must prioritize transparency and accountability, ensuring clear disclosures to consumers regarding how data is utilized and protected by their clients. 

Understanding the FTC’s New Privacy Standards

The new privacy standards will enhance consumer privacy protections and address emerging challenges in the digital age. These standards include various aspects: data collection, usage, transparency, and security practices. 

Key elements include:

Expanded Scope

  • The revised rule clearly covers health apps and similar technologies not covered by HIPAA, including mobile apps that access personal health records (PHRs).
  • The definition of "PHR-related entity" now includes entities offering products/services through online services or mobile apps of PHR vendors, clarifying the rule's applicability to health apps.

Revised Breach Definition

  • The definition of "breach of security" has been expanded to include both data security incidents and unauthorized disclosures of unsecured personal health information.

Notification Requirements

  • For breaches affecting 500+ individuals, covered entities must notify the FTC at the same time they notify affected consumers, within 60 days of breach discovery.
  • Breach notifications to consumers must include details like the identity of any third parties that acquired the breached data.
  • Expanded use of electronic notification methods like email is now permitted.

Other Changes

  • Revised definitions clarify the rule's application to entities that can draw personal health data from multiple sources.
  • The final rule aims to improve readability and promote compliance.

The updated Health Breach Notification Rule (HBNR) reflects the FTC's efforts to address the growing use of health apps and connected devices, ensuring they face accountability for safeguarding consumers' sensitive health information. The changes will take effect 60 days after publication in the Federal Register.

Insurance Implications

In an industry where client data is paramount for underwriting, risk assessment, and claims processing, the FTC's new privacy standards have substantial implications for insurance professionals.

Compliance & Regulatory Standards

Brokers must ensure compliance with these standards to avoid potential regulatory penalties and safeguard their clients' reputations. Such compliance involves a comprehensive review of data collection and usage practices, ensuring alignment with the FTC's transparency, consent, and data security principles. Failure to adhere to these standards exposes brokers to legal risks and undermines client trust, emphasizing the critical importance of proactive compliance measures.

Privacy & Security

Prioritizing robust security measures to protect sensitive client information from potential data breaches and unauthorized access is now more critical than ever. Furthermore, enhancing transparency through clear disclosures about data collection, usage, and sharing practices is paramount, empowering clients to make informed decisions regarding their privacy rights.

Trust & Transparency

The focus on consumer consent and data handling also holds significant implications for organizations. Brokers must prioritize clear communication and education initiatives to empower businesses with knowledge about their privacy rights and data handling responsibilities. By embracing a client-centric approach to privacy, brokers strengthen trust and loyalty and differentiate themselves in a competitive market.

Navigating Compliance Challenges

Although the new privacy standards provide essential consumer protections, they also present organizations with evolving compliance challenges. Brokers must navigate a complex regulatory landscape, ensuring alignment with FTC regulations and other pertinent federal laws such as the Health Insurance Portability and Accountability Act (HIPAA) and the growing state-by-state approach to passing new consumer privacy laws. To effectively tackle these compliance challenges, brokers should stay up to date on the ever-evolving nature of the many governance frameworks and align with a wholesale broker who has deep organizational knowledge and expertise in this space.

Flow With the Changes

These new privacy standards have far-reaching implications for the insurance industry. By prioritizing client privacy and data protection, brokers can build trust, enhance relationships, and effectively navigate regulatory challenges. Embracing a proactive approach to compliance and adopting robust privacy practices is essential for insurance professionals to thrive in an increasingly regulated and data-driven environment.

At Flow, providing white glove service to our clients to help them succeed is paramount. Stay competitive in an evolving industry with access to top markets and deep insights. Our approach is efficient and committed to maximizing your potential and saving you valuable time. We've simplified the ease of doing business with our seamless email submissions. With our AI-powered tools and efficient automation, securing policies is a breeze, complemented by our personalized approach and industry-leading commission potential.

Explore our range of products and appetite today.
