Federal Trade Commission Expands Health Data Breach Notification Measures to Include More Apps and Technologies

The Federal Trade Commission (FTC) recently made updates to its health data breach notification measures in order to include more apps and technologies that are not currently covered by federal health privacy laws. These changes were issued on Friday and aim to address a gap in the current regulations, as health apps are generally not covered by the Health Insurance Portability and Accountability Act (HIPAA).

The revisions to the health breach notification final rule (RIN 3084-AB56) clarify that public health record related entities include individuals offering products and services online, such as mobile applications, or vendors of personal health records. This is significant as it expands the definition of entities subject to health data breach notification requirements, ensuring that individuals’ health information is protected regardless of the platform or technology being used.

By bringing more entities under the umbrella of health data protection regulations, the FTC is taking proactive steps to safeguard sensitive health information and promote accountability in the digital health landscape. These updates will enhance privacy and security measures for consumers using health-related apps and technologies, giving them greater confidence in sharing their personal information online. Overall, this action by the FTC is a positive step towards protecting consumers’ privacy and promoting transparency in the digital world.