Federal Trade Commission Expands Health Data Breach Notification Measures to Cover More Apps and Technologies

The Federal Trade Commission recently announced updates to its health data breach notification measures to encompass more apps and technologies that are not covered by current federal health privacy laws. This action is significant as it addresses a gap in the current regulations, as health apps are generally not covered by the Health Insurance Portability and Accountability Act (HIPAA).

The revisions to the health breach notification final rule (RIN 3084-AB56) were issued on Friday and included changes to the definition of “public health record related entity” to clarify that these entities include individuals offering products and services online, such as mobile applications, or vendors of personal health records. By expanding the definition of entities subject to health data breach notification requirements, the FTC is working to ensure that individuals’ health information is protected regardless of the platform or technology being used.

Overall, these updates aim to enhance privacy and security measures for consumers using health-related apps and technologies. By bringing more entities under the umbrella of health data protection regulations, the FTC is taking proactive steps to safeguard sensitive health information and promote accountability in the digital health landscape.