Jennifer Geetter and Shelby Buettner wrote this bylined article describing how most pharmaceutical and biotech companies are not directly regulated by HIPAA privacy requirements. Absent a HIPAA benchmark for their privacy and security choices, drug companies “must develop their own standards informed by US Federal Trade Commission (FTC) principles and state law,” the authors wrote
