Last month, the Federal Trade Commission (“FTC”) announced its enforcement action against telehealth firm, Cerebral, Inc. (“Cerebral”), for its alleged unauthorized disclosures of consumers’ sensitive personal health information and other sensitive data to third parties for advertising purposes in violation of the FTC Act. The complaint also alleges that Cerebral violated the Opioid Addiction Recovery Fraud Prevention Act (“OARFPA”), and the Restore Online Shoppers’ Confidence Act (“ROSCA”), which permits the court to order permanent injunctive relief, civil penalties, and other monetary relief for actions in violations of specific sections of the FTC Act, the OARFPA, and the ROSCA. According to the proposed order, Cerebral must pay more than $7 million in civil penalties and consumer refunds. In addition, Cerebral will be banned from using or disclosing consumers’ personal and health information (including online identifiers, such as IP addresses or other persistent identifiers) for advertising and must obtain consumers’ affirmative express consent before disclosing such information to outside parties.
Below is a discussion of the complaint and proposed order.Continue Reading FTC Announces Health Privacy Enforcement Action Against Telehealth Company, Cerebral