美女免费一级视频在线观看

It’s been a summer of litigation around third-party data usage. Last month, health media company Healthline Media LLC settled with the state of California, agreeing to pay a fine for violating the state’s data privacy practices. Earlier this summer, a jury found Meta was “eavesdropping” on women’s health data through the Flo Health app.

While it is not necessarily the first case of its kind to gain momentum, the settlement does have implications for medical marketers and the pharma industry. 

“This is a continuation of what we’ve seen in the past regarding the collection of health data and what different regulators mean by it,” said Mason Fitch, Counsel at Hintze Law, who is a member of the firm’s Health and Biotech Team. 

Details of the case 

Earlier this year, the attorney general of California sued Healthline Media, claiming that an investigation by the California Department of Justice found that the company failed to allow customers to opt out of targeted advertising and it shared data with third parties without CCPA-mandated privacy protections. 

The teams identified the data as datasets that may indicate that a person has been diagnosed with “a serious health condition.” 

Specifically, the complaint alleged that Healthline violated the CCPA and Unfair Competition Law by not only failing to opt out of sharing personal information for targeted advertising, but also violated the purpose limitation principle, failed to maintain CCPA required contracts and deceived customers of data privacy practices. 

The purpose limitation principle was allegedly violated as the CCPA notes that a business’s use of personal information is limited to the purposes for which the personal information was collected and disclosed. The attorney general suggested that Healthline violated this statute as it shared with advertisers the article titles that a consumer viewed. The titles could suggest that the consumer may already have been diagnosed with a specific medical condition, and thus allow an advertiser to target them using that information.

Healthline was also accused of failing to maintain CCPA contracts, meaning that Healthline assumed, but did not verify that third parties it worked with agreed to adhere to specific industry contractual frameworks. The company is now required to explicitly ensure that its advertising contracts contain privacy protections for readers’ data required by the CCPA. 

As part of the settlement, Healthline Media agreed to pay a $1.55 million civil penalties fine and implement a change in practices, which includes that it will not share article titles that reveal a consumer may have a specific health condition with targeted advertisers. 

The company is thus banned from engaging in these kinds of data transmissions. Healthline must also ensure that its opt-out mechanisms work correctly and must adhere to the CCPA compliance program, which mandates that Healthline must audit its contracts for specific, required privacy terms or confirmation that third parties have signed specific agreements that lay out these terms. 

MM+M reached out to Healthline Media for a response about this. The team redirected MM+M to its public statement, where it maintained that, “Under the judgment, which does not indicate Healthline violated the CCPA or any other laws, Healthline will continue to uphold its CCPA obligations.” 

Implications for healthcare marketers 

Legal experts in the field note that there are several implications that can be drawn from this case for the world of healthcare and medical marketing. 

One of the most pressing implications includes the use of the purpose limitation principle, which both Fitch and healthcare industry audience specialist expert, Jeremy Mittler noted is new for the state of California. 

“They drew on a new clause that hadn’t been used before in CCPA called purpose limitation,” said Mittler. “It’s really important because it’s kind of a playbook or blueprint for almost every other state that has similar language around purpose limitation — now they’ve given tools to almost any state to enforce what they believe in their judgment is an inference of sensitive data.”

The attorney general specifically outlined that the clause was violated as Healthline shared article titles that may have suggested that a consumer may be diagnosed with a specific condition with third-party targeted advertisers. 

These articles in question had titles like “If you have HIV, this is what you should know.”

This specific definition indicates that sharing these types of articles with these specific titles could constitute “sensitive health data” and has implications for sharing this type of data in the future. 

As one of the terms of settlement was to prohibit the sharing of such article titles with advertisers, experts note that healthcare and pharma marketers should be aware that this kind of information may be brought up in litigation. 

Fitch noted that marketers should also pay attention to the language they use to design specific educational content. Instead of something like “If you have HIV, this is what you should know,” titles with less emphasis on a specific diagnosis like “Curious about HIV? What to know” could work better. 

Another implication of the settlement is Healthline’s alleged failure to have explicit agreements with third-party contractors that were in line with CCPA standards. 

Dan Vorhaus, the General Counsel and Chief Operating Officer of Ostro Health, said that when it comes to the future of agreements, marketers should explicitly indicate what kind of data is being collected and shared to third parties, and be very clear about the opt out mechanisms for consumers. 

“If you read through the settlement, they don’t really ascribe much malice or intent to Healthline. It indicates that Healthline had the right sort of structures in place, and went through significant remediation effort once the case was brought up, but despite that they also don’t really get a Get Out of Jail Free card,” said Vorhaus. 

“You’ve got to do what you say, and it’s got to work the way you said. If you were opting people out, you should give people multiple pathways to opt out,” he added. 

When it comes to pharma marketing, the clauses discussed in the Healthline settlement could also have implications for the way pharma direct to consumer platforms are built. 

As many of these platforms, like LillyDirect or PfizerforAll house educational resources and direct customers to third-party telehealth platforms, experts warn that product designers and content developers should be aware of how content and redirection interface with data sharing. 

“It’s not just enough to say, ‘are we buttoned up in terms of how the consumer engages with us on the platform?’ You have to really think through every element of the consumer experience and then the data experience. Where does the data go? Where does it flow? Who are my partners that I’m working with for whatever this is, and the entirety is your responsibility?” said Mittler. 

He also added that marketers should be aware if any of the content on these platforms indicate any type of “inference” about a customer’s specific health condition. 

Fitch also noted that marketers should be aware of the URL description of pages, how those are described and how they are being shared. 

While this case seems to have several implications for pharma, one of the looming questions is the severity of these implications because the case was settled rather than going to trial. 

Despite it being a settled case, experts maintain that marketers should still understand its implications, particularly as Healthline Media agreed to make specific changes to its model moving forward. 

Plus, the case provides a framework for how health data privacy regulators think. 

“At least know what the California privacy regulator thinks about these particular issues, right?” said Vorhaus. “It’s not guaranteed that the court will agree, however, having similar terms could bring about litigation. However, not everything that ultimately enforces the CPRA is going to go through that same pathway.”

While the future of health data privacy is still yet to be set, it is clear that some rules around the sharing of personal health data have been laid out.

“Personal advertising in the health industry is going to become more difficult,” said Fitch. “And the industry needs to look at different models to mitigate some of the challenges moving forward.”