Expanding Health Data Breach Notification Measures: What You Need to Know About the FTC’s Recent Updates
The Federal Trade Commission recently announced updates to its health data breach notification measures to encompass more apps and technologies that are not covered by current federal health privacy laws. The revisions to the health breach notification final rule (RIN 3084-AB56) were issued on Friday and included changes to the definition of “public health record related entity” to clarify that these entities include individuals offering products and services online, such as mobile applications, or vendors of personal health records.
This action by the FTC is significant because it addresses a gap in the current regulations: health apps are generally not covered by the Health Insurance Portability and Accountability Act (HIPAA). When it comes to protecting health information, HIPAA primarily focuses on healthcare providers, health plans, and healthcare clearinghouses. By expanding the definition of entities subject to health data breach notification requirements, the FTC is working to ensure that individuals’ health information is protected regardless of the platform or technology being used.
Overall, these updates to the health data breach notification measures aim to enhance privacy and security for consumers using health-related apps and technologies. By bringing more entities under the umbrella of health data protection regulations, the FTC is taking proactive steps to safeguard sensitive health information and promote accountability in the digital health landscape. These updates also serve as a reminder for individuals using these apps and technologies