Topics
Reimbursement
Elevance, UnitedHealth among insurers accused of alleged price fixing
Elevance, UnitedHealth among insurers accused of alleged price fixing
Revenue Cycle Management
Mary Washington Healthcare latest to outsource revenue cycle 
Mary Washington Healthcare latest to outsource revenue cycle 
Strategic Planning
CommonSpirit, University of Utah Health team on access
CommonSpirit, University of Utah Health team on access
Capital Finance
Cigna nixes speculation of a Humana merger
Cigna nixes speculation of a Humana merger
Supply Chain
Feds shore up healthcare supply chain in wake of hurricanes Helene and Milton
Feds shore up supply chain in wake of hurricanes
Accounting & Financial Management
Labor expenses continue to challenge hospitals
Labor expenses continue to challenge hospitals
Budgeting
Health system operating margins declined in August
Health system operating margins declined in August
Quality and Safety
US healthcare system ranks last in equity, access
US healthcare system ranks last in equity, access
Billing and Collections
CFPB warns of illegal tactics by medical debt collectors
CFPB warns of illegal tactics by medical debt collectors
Claims Processing
Denials top reason for eroding provider-payer relationship
Denials top reason for eroding provider-payer relationship
Workforce
Elevance laying off 123 California employees
Elevance laying off 123 California employees
Operations
UAB, Press Ganey launch certificate program for healthcare leaders
UAB, Press Ganey launch certificate program for healthcare leaders
Medical Devices
Healthcare chatbots may promote racist misinformation
Healthcare chatbots may promote racist misinformation
Hospital/physician relations
Hospitals, physicians submit opposing views to FTC ruling on noncompetes
Hospitals, physicians submit opposing views to FTC ruling
Construction & Facilities Management
University Hospitals expanding with $3.2 million donation
University Hospitals expanding with $3.2M donation
Compliance & Legal
Johnson and Johnson sues HRSA for blocking 340B plan
J&J sues HRSA for blocking 340B plan
Policy and Legislation
Planned Parenthood, other groups decry executive power in House bill
Planned Parenthood, other groups decry House bill
Community Benefit
AMA pushes for stricter standards for hospital charity care policies
AMA pushes for stricter standards for hospital charity care policies
Accountable Care
NAACOS pushes ACO REACH extension after $1.54B in savings
NAACOS pushes ACO REACH extension
Acute Care
SDOH, tech key to advancing value-based care, says UHG
SDOH, tech key to advancing value-based care
Ambulatory Care
Cleveland Clinic and Amazon One Medical collaborate on primary care clinics
Cleveland Clinic and Amazon One Medical collaborate
Analytics
Interoperability in healthcare moving forward despite challenges
Interoperability in healthcare moving forward despite challenges
Business Intelligence
CVS announces Dr. Sreekanth Chaguturu as president, Health Care Delivery
CVS announces Dr. Sreekanth Chaguturu as president, Health Care Delivery
ICD-10 & Coding
Physician practices examine risk adjustment coding in wake of federal lawsuits
Practices keeping close watch on risk adjustment coding
Meaningful Use
Financial disincentives for providers who commit information blocking 
Financial disincentives for providers who commit information blocking 
Medicare & Medicaid
Almost a quarter of Americans underinsured, survey finds
Survey: Almost a quarter of Americans underinsured
Patient Engagement
HHS, Illinois reach agreement on disability rights laws
HHS, Illinois reach agreement on disability rights
Pharmacy
Express Scripts, Caremark, OptumRx fight back in lawsuit against FTC 
Express Scripts, Caremark, OptumRx sue FTC 
Population Health
Reproductive care, including abortion, facing challenges
Reproductive care, including abortion, facing challenges
Risk Management
UPMC for You partners to offer Medicaid redetermination coverage in laundromats
UPMC for You offers Medicaid redetermination coverage in laundromats
Telehealth
Telehealth prescribing of controlled drugs extended through 2025
Telehealth prescribing of controlled drugs extended
Mergers & Acquisitions
Cardinal Health set to acquire two companies for combined $3.9B
Cardinal Health set to acquire two companies for combined $3.9B
View more
Jul 30, 2019 More on Compliance & Legal

FTC's $5 billion penalty for Facebook security lapses includes new health privacy restrictions

The fine is the largest ever imposed on any company for violating consumers' privacy, according to the FTC.

Jeff Lagasse, Editor

Facebook will pay a record $5 billion penalty, and submit to new restrictions and a modified corporate structure that will hold the company accountable for the decisions it makes about its users' privacy, according to a notice posted last week by the Federal Trade Commission.

The penalty is to settle FTC charges that the company violated a 2012 order by deceiving users about their ability to control the privacy of their personal information, including protected health information.

The $5 billion penalty against Facebook is the largest ever imposed on any company for violating consumers' privacy and almost 20 times greater than the largest privacy or data security penalty ever imposed worldwide, according to the FTC. It is one of the largest penalties ever assessed by the U.S. government for any violation.

WHAT'S THE IMPACT

The settlement order also imposes new restrictions on Facebook's business operations and creates multiple channels of compliance. The order requires Facebook to restructure its approach to privacy from the corporate board-level down, and establishes strong new mechanisms to ensure that Facebook executives are accountable for the decisions they make about privacy, and that those decisions are subject to meaningful oversight.

More than 185 million people in the U.S and Canada use Facebook on a daily basis. Facebook monetizes user information through targeted advertising, which generated most of the company's $55.8 billion in revenues in 2018. To encourage users to share information on its platform, Facebook promises users they can control the privacy of their information through its privacy settings.

Following a yearlong investigation by the FTC, the Department of Justice filed a complaint on behalf of the Commission alleging that Facebook repeatedly used deceptive disclosures and settings to undermine users' privacy preferences in violation of its 2012 order. These tactics allowed the company to share users' personal information with third-party apps that were downloaded by the user's Facebook friends. The FTC alleges that many users were unaware that Facebook was sharing such information, and therefore didn't take the steps needed to opt out of sharing.

THE LARGER TREND

Facebook was accused back in February of misleading users in its Group platform about who can see their private information. A report, written by CareSet Systems CTO and hacktivist Fred Trotter and healthcare attorney David Harlow, contends Facebook did not disclose how much information could be visible to outsiders -- including health information.

The document claimed that even though the social media site actively encourages users to share private health information in numerous ways, Facebook's privacy and access control sets are inconsistently applied.

In addition, the report said Facebook allowed substantial patient health information to leak, and said that as a personal health record platform, it is in violation of the FTC Health Breach Notification rule.

In April, Facebook announced it would create a new type of community dubbed "health support groups." According to a STAT report, once a Facebook community is labeled as a health support group, users can purportedly ask administrators to post health-related questions on their behalf.

Users must make a request to join closed groups on Facebook, and only current members can see who else is in the group, a change that was made to the site's policies earlier this year.

WHAT ELSE YOU SHOULD KNOW

To prevent Facebook from deceiving its users about privacy in the future, the FTC's new 20-year settlement order overhauls the way the company makes privacy decisions by boosting the transparency of decision-making, and holding Facebook accountable via overlapping channels of compliance.

The order creates greater accountability at the board of directors level. It establishes an independent privacy committee of Facebook's board of directors, removing unfettered control by Facebook CEO Mark Zuckerberg over decisions affecting user privacy. Members of the privacy committee must be independent and will be appointed by an independent nominating committee. Members can only be fired by a supermajority of the Facebook board of directors.

Facebook will also be required to designate compliance officers who will be responsible for Facebook's privacy program; submit to a third party assessor's evaluations of the effectiveness of its privacy program, and improve any gaps; conduct a privacy review of every new and modified product; establish and maintain a comprehensive data security program; encrypt user passwords and regularly scan to detect whether any passwords are stored in plain text formats.

Twitter: @JELagasse

Email the writer: jeff.lagasse@himssmedia.com

News
Healthcare organizations ask HHS to delay quality measure reporting for ACOs Healthcare organizations ask HHS to delay quality measure reporting for ACOs The American Hospital Association and American Medical Association are among the 11 organizations signing the letter.