The Health Data Breach Notification Final Rule (RIN 3084-AB56) was recently updated by the Federal Trade Commission (FTC) to include more apps and technologies that were not previously covered by federal health privacy laws. This expansion of coverage ensures that a wider range of entities are now required to comply with health data breach notification measures.
One significant change made by the FTC is a revision to the definition of “public health record related entity” to clarify that this category includes individuals or entities that provide products and services online, including mobile applications, as well as vendors of personal health records. This update means that more apps and technologies are now subject to health data breach notification requirements.
The FTC’s action is important because many health apps and technologies fall outside the scope of the Health Insurance Portability and Accountability Act (HIPAA). This means that these entities may not have been previously covered by regulations that govern the protection of individuals’ health data. By updating its notification measures, the FTC is taking steps to address this gap in protection and ensure that health data privacy is upheld across a broader range of platforms.
Overall, this update marks an important step forward in protecting individuals’ health data privacy online. It shows that regulators are taking proactive steps to keep pace with technological advancements and ensure that consumers can trust that their personal information is being protected.
